US Secure Hash Algorithms (SHA and HMAC-SHA)
RFC 4634

 
Document Type RFC - Informational (August 2006; Errata)
Obsoleted by RFC 6234
Updates RFC 3174
Was draft-eastlake-sha2 (individual in sec area)
Last updated 2013-03-02
Stream IETF
Stream WG state (None)
Consensus Unknown
Document shepherd No shepherd assigned
IESG state RFC 4634 (Informational)
Responsible AD Russ Housley
Send notices to tony@att.com, Donald.Eastlake@motorola.com

Network Working Group                                    D. Eastlake 3rd
Request for Comments: 4634                                 Motorola Labs
Updates: 3174                                                  T. Hansen
Category: Informational                                        AT&T Labs
                                                               July 2006

              US Secure Hash Algorithms (SHA and HMAC-SHA)

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   The United States of America has adopted a suite of Secure Hash
   Algorithms (SHAs), including four beyond SHA-1, as part of a Federal
   Information Processing Standard (FIPS), specifically SHA-224 (RFC
   3874), SHA-256, SHA-384, and SHA-512.  The purpose of this document
   is to make source code performing these hash functions conveniently
   available to the Internet community.  The sample code supports input
   strings of arbitrary bit length.  SHA-1's sample code from RFC 3174
   has also been updated to handle input strings of arbitrary bit
   length.  Most of the text herein was adapted by the authors from FIPS
   180-2.

   Code to perform SHA-based HMACs, with arbitrary bit length text, is
   also included.

Eastlake 3rd & Hansen        Informational                      [Page 1]
RFC 4634                   SHAs and HMAC-SHAs                  July 2006

Table of Contents

   1. Overview of Contents ............................................3
      1.1. License ....................................................4
   2. Notation for Bit Strings and Integers ...........................4
   3. Operations on Words .............................................5
   4. Message Padding and Parsing .....................................6
      4.1. SHA-224 and SHA-256 ........................................7
      4.2. SHA-384 and SHA-512 ........................................8
   5. Functions and Constants Used ....................................9
      5.1. SHA-224 and SHA-256 ........................................9
      5.2. SHA-384 and SHA-512 .......................................10
   6. Computing the Message Digest ...................................11
      6.1. SHA-224 and SHA-256 Initialization ........................11
      6.2. SHA-224 and SHA-256 Processing ............................11
      6.3. SHA-384 and SHA-512 Initialization ........................13
      6.4. SHA-384 and SHA-512 Processing ............................14
   7. SHA-Based HMACs ................................................15
   8. C Code for SHAs ................................................15
      8.1. The .h File ...............................................18
      8.2. The SHA Code ..............................................24
           8.2.1. sha1.c .............................................24
           8.2.2. sha224-256.c .......................................33
           8.2.3. sha384-512.c .......................................45
           8.2.4. usha.c .............................................67
           8.2.5. sha-private.h ......................................72
      8.3. The HMAC Code .............................................73
      8.4. The Test Driver ...........................................78
   9. Security Considerations .......................................106
   10. Normative References .........................................106
   11. Informative References .......................................106

1.  Overview of Contents

   NOTE: Much of the text below is taken from [FIPS180-2] and assertions
   therein of the security of the algorithms described are made by the
   US Government, the author of [FIPS180-2], and not by the authors of
   this document.

   The text below specifies Secure Hash Algorithms, SHA-224 [RFC3874],
   SHA-256, SHA-384, and SHA-512, for computing a condensed
   representation of a message or a data file. (SHA-1 is specified in
   [RFC3174].)  When a message of any length < 2^64 bits (for SHA-224
   and SHA-256) or < 2^128 bits (for SHA-384 and SHA-512) is input to
   one of these algorithms, the result is an output called a message
   digest.  The message digests range in length from 224 to 512 bits,
   depending on the algorithm.  Secure hash algorithms are typically
   used with other cryptographic algorithms, such as digital signature
   algorithms and keyed hash authentication codes, or in the generation