| < draft-eastlake-sha2b-00.txt | draft-eastlake-sha2b-01.txt > | |||
|---|---|---|---|---|
| Network Working Group Donald Eastlake 3rd | Network Working Group Donald Eastlake 3rd | |||
| INTERNET-DRAFT Stellar Switches | INTERNET-DRAFT Stellar Switches | |||
| Obsoletes: 4634 Tony Hansen | Obsoletes: 4634 Tony Hansen | |||
| Updates: 3174 AT&T Labs | Updates: 3174 AT&T Labs | |||
| Intended Status: Informational | Intended Status: Informational | |||
| Expires: October 12, 2010 April 13, 2010 | Expires: October 27, 2010 April 28, 2010 | |||
| US Secure Hash Algorithms | US Secure Hash Algorithms | |||
| (SHA and SHA based HMAC and HKDF) | (SHA and SHA based HMAC and HKDF) | |||
| <draft-eastlake-sha2b-00.txt> | <draft-eastlake-sha2b-01.txt> | |||
| Abstract | Abstract | |||
| This document is an update of [RFC4634] to fix errata and to add code | This document is an update of [RFC4634] to fix errata and to add code | |||
| for an HMAC-based extract-and-expand key derivation function. | for an HMAC-based extract-and-expand key derivation function. | |||
| The United States of America has adopted a suite of secure hash | The United States of America has adopted a suite of secure hash | |||
| algorithms (SHAs), including four beyond SHA-1, as part of a Federal | algorithms (SHAs), including four beyond SHA-1, as part of a Federal | |||
| Information Processing Standard (FIPS), specifically SHA-224, | Information Processing Standard (FIPS), specifically SHA-224, | |||
| SHA-256, SHA-384, and SHA-512. The purpose of this document is to | SHA-256, SHA-384, and SHA-512. The purpose of this document is to | |||
| make open source code performing the SHA hash functions conveniently | make open source code performing the SHA hash functions conveniently | |||
| available to the Internet community. The sample code supports input | available to the Internet community. The sample code supports input | |||
| strings of arbitrary bit length. Much of the text herein was adapted | strings of arbitrary bit length. Much of the text herein was adapted | |||
| by the authors from FIPS 180-2. | by the authors from FIPS 180-2. | |||
| As with [RFC4634], code to perform SHA based HMACs is included and, | As with [RFC4634], code to perform SHA based HMACs is included and, | |||
| new in this version, code for HKDF is included. | new in this version, code for HKDF is included. | |||
| Status of This Document | Status of This Memo | |||
| This Internet-Draft is submitted to IETF in full conformance with the | This Internet-Draft is submitted to IETF in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Distribution of this document is unlimited. Comments should be sent | Distribution of this document is unlimited. Comments should be sent | |||
| to the authors. | to the authors. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
| other groups may also distribute working documents as Internet- | other groups may also distribute working documents as Internet- | |||
| skipping to change at page 2, line 9 ¶ | skipping to change at page 2, line 9 ¶ | |||
| The list of current Internet-Drafts can be accessed at | The list of current Internet-Drafts can be accessed at | |||
| http://www.ietf.org/1id-abstracts.html | http://www.ietf.org/1id-abstracts.html | |||
| The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
| http://www.ietf.org/shadow.html | http://www.ietf.org/shadow.html | |||
| INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | |||
| Table of Contents | Table of Contents | |||
| Status of This Document....................................1 | Abstract...................................................1 | |||
| Status of This Memo........................................1 | ||||
| 1. Overview of Contents....................................3 | 1. Overview of Contents....................................3 | |||
| 2. Notation for Bit Strings and Integers...................4 | 2. Notation for Bit Strings and Integers...................4 | |||
| 3. Operations on Words.....................................5 | 3. Operations on Words.....................................5 | |||
| 4. Message Padding and Parsing.............................7 | 4. Message Padding and Parsing.............................7 | |||
| 4.1 SHA-224 and SHA-256....................................7 | 4.1 SHA-224 and SHA-256....................................7 | |||
| 4.2 SHA-384 and SHA-512....................................8 | 4.2 SHA-384 and SHA-512....................................8 | |||
| 5. Functions and Constants Used...........................10 | 5. Functions and Constants Used...........................10 | |||
| skipping to change at page 2, line 54 ¶ | skipping to change at page 2, line 55 ¶ | |||
| 9. IANA Considerations...................................122 | 9. IANA Considerations...................................122 | |||
| 10. Security Considerations..............................122 | 10. Security Considerations..............................122 | |||
| 11. Acknowledgements.....................................122 | 11. Acknowledgements.....................................122 | |||
| 12. References...........................................123 | 12. References...........................................123 | |||
| 12.1 Normative References................................123 | 12.1 Normative References................................123 | |||
| 12.2 Informative References..............................123 | 12.2 Informative References..............................123 | |||
| Appendix: Changes from RFC 4634..........................125 | Appendix: Changes from RFC 4634..........................125 | |||
| Author's Address.........................................126 | Edit History.............................................126 | |||
| Copyright, Disclaimer, and Additional IPR Provisions.....127 | Changes from -00 to -01..................................126 | |||
| Author's Address.........................................127 | ||||
| Copyright, Disclaimer, and Additional IPR Provisions.....128 | ||||
| INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | |||
| 1. Overview of Contents | 1. Overview of Contents | |||
| This document obsoletes [RFC4634] and the changes from that RFC are | This document obsoletes [RFC4634] and the changes from that RFC are | |||
| summarized in the Appendix below. | summarized in the Appendix below. | |||
| This document includes specifications for the United States of | This document includes specifications for the United States of | |||
| America (USA) Federal Information Processing Standard (FIPS) Secure | America (USA) Federal Information Processing Standard (FIPS) Secure | |||
| skipping to change at page 3, line 50 ¶ | skipping to change at page 3, line 50 ¶ | |||
| message in transit will, with very high probability, result in a | message in transit will, with very high probability, result in a | |||
| different message digest. This will result in a verification failure | different message digest. This will result in a verification failure | |||
| when the secure hash algorithm is used with a digital signature | when the secure hash algorithm is used with a digital signature | |||
| algorithm or a keyed-hash message authentication algorithm. | algorithm or a keyed-hash message authentication algorithm. | |||
| The code provided herein supports input strings of arbitrary bit | The code provided herein supports input strings of arbitrary bit | |||
| length. SHA-1's sample code from [RFC3174] has also been updated to | length. SHA-1's sample code from [RFC3174] has also been updated to | |||
| handle input strings of arbitrary bit length. Permission is granted | handle input strings of arbitrary bit length. Permission is granted | |||
| for all uses, commercial and non-commercial, of this code. | for all uses, commercial and non-commercial, of this code. | |||
| ASN.1 OIDs (Object Identifiers) for the SHA algorithms, taken from | ||||
| [RFC4055], are as follows: | ||||
| id-sha1 OBJECT IDENTIFIER ::= { iso(1) | ||||
| identified-organization(3) oiw(14) | ||||
| secsig(3) algorithms(2) 26 } | ||||
| INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | ||||
| id-sha224 OBJECT IDENTIFIER ::= {{ joint-iso-itu-t(2) | ||||
| country(16) us(840) organization(1) gov(101) | ||||
| csor(3) nistalgorithm(4) hashalgs(2) 4 } | ||||
| id-sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) | ||||
| country(16) us(840) organization(1) gov(101) | ||||
| csor(3) nistalgorithm(4) hashalgs(2) 1 } | ||||
| id-sha384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) | ||||
| country(16) us(840) organization(1) gov(101) | ||||
| csor(3) nistalgorithm(4) hashalgs(2) 2 } | ||||
| id-sha512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) | ||||
| country(16) us(840) organization(1) gov(101) | ||||
| csor(3) nistalgorithm(4) hashalgs(2) 3 } | ||||
| Section 2 below defines the terminology and functions used as | Section 2 below defines the terminology and functions used as | |||
| building blocks to form these algorithms. Section 3 describes the | building blocks to form these algorithms. Section 3 describes the | |||
| fundamental operations on words from which these algorithms are | fundamental operations on words from which these algorithms are | |||
| built. Section 4 describes how messages are padded up to an integral | built. Section 4 describes how messages are padded up to an integral | |||
| multiple of the required block size and then parsed into blocks. | multiple of the required block size and then parsed into blocks. | |||
| Section 5 defines the constants and the composite functions used to | Section 5 defines the constants and the composite functions used to | |||
| specify these algorithms. Section 6 gives the actual specification | specify these algorithms. Section 6 gives the actual specification | |||
| INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | ||||
| for the SHA-224, SHA-256, SHA-384, and SHA-512 functions. Section 7 | for the SHA-224, SHA-256, SHA-384, and SHA-512 functions. Section 7 | |||
| provides pointers to the specification of HMAC keyed message | provides pointers to the specification of HMAC keyed message | |||
| authentication codes and to the specification of an extract-and- | authentication codes and to the specification of an extract-and- | |||
| expand key derivation function based on HMAC. | expand key derivation function based on HMAC. | |||
| Section 8 gives sample code for the SHA algorithms, for SHA based | Section 8 gives sample code for the SHA algorithms, for SHA based | |||
| HMACs, and for HMAC-based extract-and-expand key derivation function. | HMACs, and for HMAC-based extract-and-expand key derivation function. | |||
| 2. Notation for Bit Strings and Integers | 2. Notation for Bit Strings and Integers | |||
| skipping to change at page 4, line 36 ¶ | skipping to change at page 5, line 5 ¶ | |||
| word to hex digits, each 4-bit string is converted to its hex | word to hex digits, each 4-bit string is converted to its hex | |||
| equivalent as described in (a) above. Example: | equivalent as described in (a) above. Example: | |||
| 1010 0001 0000 0011 1111 1110 0010 0011 = A103FE23. | 1010 0001 0000 0011 1111 1110 0010 0011 = A103FE23. | |||
| Throughout this document, the "big-endian" convention is used | Throughout this document, the "big-endian" convention is used | |||
| when expressing both 32-bit and 64-bit words, so that within | when expressing both 32-bit and 64-bit words, so that within | |||
| each word the most significant bit is shown in the left-most bit | each word the most significant bit is shown in the left-most bit | |||
| position. | position. | |||
| INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | ||||
| c. An integer may be represented as a word or pair of words. | c. An integer may be represented as a word or pair of words. | |||
| An integer between 0 and 2^32 - 1 inclusive may be represented | An integer between 0 and 2^32 - 1 inclusive may be represented | |||
| as a 32-bit word. The least significant four bits of the | as a 32-bit word. The least significant four bits of the | |||
| integer are represented by the right-most hex digit of the word | integer are represented by the right-most hex digit of the word | |||
| representation. Example: the integer 291 = 2^8+2^5+2^1+2^0 = | representation. Example: the integer 291 = 2^8+2^5+2^1+2^0 = | |||
| 256+32+2+1 is represented by the hex word, 00000123. | 256+32+2+1 is represented by the hex word, 00000123. | |||
| The same holds true for an integer between 0 and 2^64-1 | The same holds true for an integer between 0 and 2^64-1 | |||
| inclusive, which may be represented as a 64-bit word. | inclusive, which may be represented as a 64-bit word. | |||
| If Z is an integer, 0 <= z < 2^64, then z = (2^32)x + y where 0 | If Z is an integer, 0 <= z < 2^64, then z = (2^32)x + y where 0 | |||
| <= x < 2^32 and 0 <= y < 2^32. Since x and y can be represented | <= x < 2^32 and 0 <= y < 2^32. Since x and y can be represented | |||
| as words X and Y, respectively, z can be represented as the pair | as words X and Y, respectively, z can be represented as the pair | |||
| of words (X,Y). | of words (X,Y). | |||
| Again, the "big-endian" convention is used and the most | Again, the "big-endian" convention is used and the most | |||
| significant word is in the left-most word position for values | significant word is in the left-most word position for values | |||
| represented by multiple-words. | represented by multiple-words. | |||
| INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | ||||
| d. block = 512-bit or 1024-bit string. A block (e.g., B) may be | d. block = 512-bit or 1024-bit string. A block (e.g., B) may be | |||
| represented as a sequence of 32-bit or 64-bit words. | represented as a sequence of 32-bit or 64-bit words. | |||
| 3. Operations on Words | 3. Operations on Words | |||
| The following logical operators will be applied to words in all four | The following logical operators will be applied to words in all four | |||
| hash operations specified herein. SHA-224 and SHA-256 operate on | hash operations specified herein. SHA-224 and SHA-256 operate on | |||
| 32-bit words while SHA-384 and SHA-512 operate on 64-bit words. | 32-bit words while SHA-384 and SHA-512 operate on 64-bit words. | |||
| In the operations below, x<<n is obtained as follows: discard the | In the operations below, x<<n is obtained as follows: discard the | |||
| skipping to change at page 5, line 33 ¶ | skipping to change at page 6, line 5 ¶ | |||
| a. Bitwise logical word operations | a. Bitwise logical word operations | |||
| X AND Y = bitwise logical "and" of X and Y. | X AND Y = bitwise logical "and" of X and Y. | |||
| X OR Y = bitwise logical "inclusive-or" of X and Y. | X OR Y = bitwise logical "inclusive-or" of X and Y. | |||
| X XOR Y = bitwise logical "exclusive-or" of X and Y. | X XOR Y = bitwise logical "exclusive-or" of X and Y. | |||
| NOT X = bitwise logical "complement" of X. | NOT X = bitwise logical "complement" of X. | |||
| INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | ||||
| Example: | Example: | |||
| 01101100101110011101001001111011 | 01101100101110011101001001111011 | |||
| XOR 01100101110000010110100110110111 | XOR 01100101110000010110100110110111 | |||
| -------------------------------- | -------------------------------- | |||
| = 00001001011110001011101111001100 | = 00001001011110001011101111001100 | |||
| b. The operation X + Y is defined as follows: words X and Y | b. The operation X + Y is defined as follows: words X and Y | |||
| represent w-bit integers x and y, where 0 <= x < 2^w and 0 <= y | represent w-bit integers x and y, where 0 <= x < 2^w and 0 <= y | |||
| < 2^w. For positive integers n and m, let | < 2^w. For positive integers n and m, let | |||
| skipping to change at page 6, line 5 ¶ | skipping to change at page 6, line 29 ¶ | |||
| be the remainder upon dividing n by m. Compute | be the remainder upon dividing n by m. Compute | |||
| z = (x + y) mod 2^w. | z = (x + y) mod 2^w. | |||
| Then 0 <= z < 2^w. Convert z to a word, Z, and define Z = X + | Then 0 <= z < 2^w. Convert z to a word, Z, and define Z = X + | |||
| Y. | Y. | |||
| c. The right shift operation SHR^n(x), where x is a w-bit word and n | c. The right shift operation SHR^n(x), where x is a w-bit word and n | |||
| is an integer with 0 <= n < w, is defined by | is an integer with 0 <= n < w, is defined by | |||
| INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | ||||
| SHR^n(x) = x>>n | SHR^n(x) = x>>n | |||
| d. The rotate right (circular right shift) operation ROTR^n(x), where | d. The rotate right (circular right shift) operation ROTR^n(x), where | |||
| x is a w-bit word and n is an integer with 0 <= n < w, is | x is a w-bit word and n is an integer with 0 <= n < w, is | |||
| defined by | defined by | |||
| ROTR^n(x) = (x>>n) OR (x<<(w-n)) | ROTR^n(x) = (x>>n) OR (x<<(w-n)) | |||
| e. The rotate left (circular left shift) operation ROTL^n(x), where x | e. The rotate left (circular left shift) operation ROTL^n(x), where x | |||
| is a w-bit word and n is an integer with 0 <= n < w, is defined | is a w-bit word and n is an integer with 0 <= n < w, is defined | |||
| skipping to change at page 18, line 33 ¶ | skipping to change at page 18, line 33 ¶ | |||
| SHA$$$HashSize number of octets in the hash | SHA$$$HashSize number of octets in the hash | |||
| SHA$$$HashSizeBits number of bits in the hash | SHA$$$HashSizeBits number of bits in the hash | |||
| SHA$$$_Message_Block_Size | SHA$$$_Message_Block_Size | |||
| number of octets used in the intermediate | number of octets used in the intermediate | |||
| message blocks | message blocks | |||
| shaSuccess = 0 constant returned by each function on success | shaSuccess = 0 constant returned by each function on success | |||
| shaNull = 1 constant returned by each function when | shaNull = 1 constant returned by each function when | |||
| presented with a null pointer parameter | presented with a null pointer parameter | |||
| shaInputTooLong = 2 constant returned by each function when the | shaInputTooLong = 2 constant returned by each function when the | |||
| input data is too long | input data is too long | |||
| shaStateError constant returned by each function when | shaStateError = 3 constant returned by each function when | |||
| SHA$$$Input is called after SHA$$$FinalBits or | SHA$$$Input is called after SHA$$$FinalBits or | |||
| SHA$$$Result. | SHA$$$Result. | |||
| Structure: | Structure: | |||
| typedef SHA$$$Context | typedef SHA$$$Context | |||
| an opaque structure holding the complete state | an opaque structure holding the complete state | |||
| for producing the hash | for producing the hash | |||
| Functions: | Functions: | |||
| int SHA$$$Reset(SHA$$$Context *context); | int SHA$$$Reset(SHA$$$Context *context); | |||
| skipping to change at page 20, line 53 ¶ | skipping to change at page 20, line 53 ¶ | |||
| Reset the hash context state and initialize it with the | Reset the hash context state and initialize it with the | |||
| salt_len octets of the optional salt. | salt_len octets of the optional salt. | |||
| int hkdfInput(HKDFContext *context, const unsigned char *ikm, | int hkdfInput(HKDFContext *context, const unsigned char *ikm, | |||
| int ikm_len) | int ikm_len) | |||
| Incorporate ikm_len octets into the hash. | Incorporate ikm_len octets into the hash. | |||
| int hkdfFinalBits(HKDFContext *context, uint8_t ikm_bits, | int hkdfFinalBits(HKDFContext *context, uint8_t ikm_bits, | |||
| unsigned int ikm_bit_count) | unsigned int ikm_bit_count) | |||
| Incorporate ikm_bit_count bits into the hash. | Incorporate ikm_bit_count bits into the hash. | |||
| int hkdfResult(HKDFContext *context, | int hkdfResult(HKDFContext *context, | |||
| uint8_t prk[USHAMaxHashSize], | uint8_t prk[USHAMaxHashSize], | |||
| /* ^ An optional location to store the HKDF | ||||
| extraction. Either NULL, or pointer to a buffer | ||||
| that must be larger than USHAHashSize(whichSha) | ||||
| */ | ||||
| INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | ||||
| const unsigned char *info, int info_len, | const unsigned char *info, int info_len, | |||
| uint8_t okm[ ], int okm_len) | uint8_t okm[ ], int okm_len) | |||
| Finish the HKDF extraction and perform the final HKDF | Finish the HKDF extraction and perform the final HKDF | |||
| expansion, storing the okm_len octets into okm. Optionally | expansion, storing the okm_len octets into okm. Optionally | |||
| INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | ||||
| store the pseudo-random key (prk) that is generated | store the pseudo-random key (prk) that is generated | |||
| internally. | internally. | |||
| In addition, combined interfaces are provided, similar to that shown | In addition, combined interfaces are provided, similar to that shown | |||
| in [RFChkdf], that allows a fixed-length text input to be used. | in [RFChkdf], that allows a fixed-length text input to be used. | |||
| int hkdfExtract(SHAversion whichSha, | int hkdfExtract(SHAversion whichSha, | |||
| const unsigned char *salt, int salt_len, | const unsigned char *salt, int salt_len, | |||
| const unsigned char *ikm, int ikm_len, | const unsigned char *ikm, int ikm_len, | |||
| uint8_t prk[USHAMaxHashSize]) | uint8_t prk[USHAMaxHashSize]) | |||
| skipping to change at page 21, line 42 ¶ | skipping to change at page 21, line 38 ¶ | |||
| pseudo-random key prk with the info_len octets of info to | pseudo-random key prk with the info_len octets of info to | |||
| form the okm_len octets stored in okm. | form the okm_len octets stored in okm. | |||
| int hkdf(SHAversion whichSha, | int hkdf(SHAversion whichSha, | |||
| const unsigned char *salt, int salt_len, | const unsigned char *salt, int salt_len, | |||
| const unsigned char *ikm, int ikm_len, | const unsigned char *ikm, int ikm_len, | |||
| const unsigned char *info, int info_len, | const unsigned char *info, int info_len, | |||
| uint8_t okm[ ], int okm_len) | uint8_t okm[ ], int okm_len) | |||
| This combined interface performs both HKDF extraction and | This combined interface performs both HKDF extraction and | |||
| expansion. The variables are the same as in hkdfExtract() | expansion. The variables are the same as in hkdfExtract() | |||
| and hkdf Expand(). | and hkdfExpand(). | |||
| 8.1 The .h file | 8.1 The .h file | |||
| /**************************** sha.h ****************************/ | /**************************** sha.h ****************************/ | |||
| /***************** See RFC NNNN for details. *******************/ | /***************** See RFC NNNN for details. *******************/ | |||
| /* | /* | |||
| Copyright (c) 2010 IETF Trust and the persons identified as | Copyright (c) 2010 IETF Trust and the persons identified as | |||
| authors of the code. All rights reserved. | authors of the code. All rights reserved. | |||
| Redistribution and use in source and binary forms, with or without | Redistribution and use in source and binary forms, with or without | |||
| modification, are permitted provided that the following conditions | modification, are permitted provided that the following conditions | |||
| are met: | are met: | |||
| INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | ||||
| * Redistributions of source code must retain the above copyright | * Redistributions of source code must retain the above copyright | |||
| notice, this list of conditions and the following disclaimer. | notice, this list of conditions and the following disclaimer. | |||
| INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | ||||
| * Redistributions in binary form must reproduce the above copyright | * Redistributions in binary form must reproduce the above copyright | |||
| notice, this list of conditions and the following disclaimer in | notice, this list of conditions and the following disclaimer in | |||
| the documentation and/or other materials provided with the | the documentation and/or other materials provided with the | |||
| distribution. | distribution. | |||
| * Neither the name of Internet Society, IETF or IETF Trust, nor the | * Neither the name of Internet Society, IETF or IETF Trust, nor the | |||
| names of specific contributors, may be used to endorse or promote | names of specific contributors, may be used to endorse or promote | |||
| products derived from this software without specific prior | products derived from this software without specific prior | |||
| written permission. | written permission. | |||
| skipping to change at page 23, line 5 ¶ | skipping to change at page 22, line 54 ¶ | |||
| * fips180-2/fips180-2withchangenotice.pdf | * fips180-2/fips180-2withchangenotice.pdf | |||
| * | * | |||
| * The five hashes are defined in these sizes: | * The five hashes are defined in these sizes: | |||
| * SHA-1 20 byte / 160 bit | * SHA-1 20 byte / 160 bit | |||
| * SHA-224 28 byte / 224 bit | * SHA-224 28 byte / 224 bit | |||
| * SHA-256 32 byte / 256 bit | * SHA-256 32 byte / 256 bit | |||
| * SHA-384 48 byte / 384 bit | * SHA-384 48 byte / 384 bit | |||
| * SHA-512 64 byte / 512 bit | * SHA-512 64 byte / 512 bit | |||
| */ | */ | |||
| INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | ||||
| #include <stdint.h> | #include <stdint.h> | |||
| /* | /* | |||
| * If you do not have the ISO standard stdint.h header file, then you | * If you do not have the ISO standard stdint.h header file, then you | |||
| INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | ||||
| * must typedef the following: | * must typedef the following: | |||
| * name meaning | * name meaning | |||
| * uint64_t unsigned 64 bit integer | * uint64_t unsigned 64 bit integer | |||
| * uint32_t unsigned 32 bit integer | * uint32_t unsigned 32 bit integer | |||
| * uint8_t unsigned 8 bit integer (i.e., unsigned char) | * uint8_t unsigned 8 bit integer (i.e., unsigned char) | |||
| * int_least16_t integer of >= 16 bits | * int_least16_t integer of >= 16 bits | |||
| * | * | |||
| */ | */ | |||
| #ifndef _SHA_enum_ | #ifndef _SHA_enum_ | |||
| skipping to change at page 24, line 4 ¶ | skipping to change at page 23, line 54 ¶ | |||
| SHA1HashSizeBits = 160, SHA224HashSizeBits = 224, | SHA1HashSizeBits = 160, SHA224HashSizeBits = 224, | |||
| SHA256HashSizeBits = 256, SHA384HashSizeBits = 384, | SHA256HashSizeBits = 256, SHA384HashSizeBits = 384, | |||
| SHA512HashSizeBits = 512, USHAMaxHashSizeBits = SHA512HashSizeBits | SHA512HashSizeBits = 512, USHAMaxHashSizeBits = SHA512HashSizeBits | |||
| }; | }; | |||
| /* | /* | |||
| * These constants are used in the USHA (unified sha) functions. | * These constants are used in the USHA (unified sha) functions. | |||
| */ | */ | |||
| typedef enum SHAversion { | typedef enum SHAversion { | |||
| SHA1, SHA224, SHA256, SHA384, SHA512 | SHA1, SHA224, SHA256, SHA384, SHA512 | |||
| INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | ||||
| } SHAversion; | } SHAversion; | |||
| /* | /* | |||
| INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | ||||
| * This structure will hold context information for the SHA-1 | * This structure will hold context information for the SHA-1 | |||
| * hashing operation. | * hashing operation. | |||
| */ | */ | |||
| typedef struct SHA1Context { | typedef struct SHA1Context { | |||
| uint32_t Intermediate_Hash[SHA1HashSize/4]; /* Message Digest */ | uint32_t Intermediate_Hash[SHA1HashSize/4]; /* Message Digest */ | |||
| uint32_t Length_Low; /* Message length in bits */ | uint32_t Length_Low; /* Message length in bits */ | |||
| uint32_t Length_High; /* Message length in bits */ | uint32_t Length_High; /* Message length in bits */ | |||
| int_least16_t Message_Block_Index; /* Message_Block array index */ | int_least16_t Message_Block_Index; /* Message_Block array index */ | |||
| skipping to change at page 25, line 4 ¶ | skipping to change at page 24, line 53 ¶ | |||
| * hashing operation. | * hashing operation. | |||
| */ | */ | |||
| typedef struct SHA512Context { | typedef struct SHA512Context { | |||
| #ifdef USE_32BIT_ONLY | #ifdef USE_32BIT_ONLY | |||
| uint32_t Intermediate_Hash[SHA512HashSize/4]; /* Message Digest */ | uint32_t Intermediate_Hash[SHA512HashSize/4]; /* Message Digest */ | |||
| uint32_t Length[4]; /* Message length in bits */ | uint32_t Length[4]; /* Message length in bits */ | |||
| #else /* !USE_32BIT_ONLY */ | #else /* !USE_32BIT_ONLY */ | |||
| uint64_t Intermediate_Hash[SHA512HashSize/8]; /* Message Digest */ | uint64_t Intermediate_Hash[SHA512HashSize/8]; /* Message Digest */ | |||
| uint64_t Length_Low, Length_High; /* Message length in bits */ | uint64_t Length_Low, Length_High; /* Message length in bits */ | |||
| #endif /* USE_32BIT_ONLY */ | #endif /* USE_32BIT_ONLY */ | |||
| INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | ||||
| int_least16_t Message_Block_Index; /* Message_Block array index */ | int_least16_t Message_Block_Index; /* Message_Block array index */ | |||
| /* 1024-bit message blocks */ | /* 1024-bit message blocks */ | |||
| INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | ||||
| uint8_t Message_Block[SHA512_Message_Block_Size]; | uint8_t Message_Block[SHA512_Message_Block_Size]; | |||
| int Computed; /* Is the digest computed?*/ | int Computed; /* Is the digest computed?*/ | |||
| int Corrupted; /* Is the digest corrupted? */ | int Corrupted; /* Is the digest corrupted? */ | |||
| } SHA512Context; | } SHA512Context; | |||
| /* | /* | |||
| * This structure will hold context information for the SHA-224 | * This structure will hold context information for the SHA-224 | |||
| * hashing operation. It uses the SHA-256 structure for computation. | * hashing operation. It uses the SHA-256 structure for computation. | |||
| */ | */ | |||
| skipping to change at page 26, line 4 ¶ | skipping to change at page 25, line 54 ¶ | |||
| int hashSize; /* hash size of SHA being used */ | int hashSize; /* hash size of SHA being used */ | |||
| int blockSize; /* block size of SHA being used */ | int blockSize; /* block size of SHA being used */ | |||
| USHAContext shaContext; /* SHA context */ | USHAContext shaContext; /* SHA context */ | |||
| unsigned char k_opad[USHA_Max_Message_Block_Size]; | unsigned char k_opad[USHA_Max_Message_Block_Size]; | |||
| /* outer padding - key XORd with opad */ | /* outer padding - key XORd with opad */ | |||
| int Computed; /* Is the digest computed? */ | int Computed; /* Is the digest computed? */ | |||
| int Corrupted; /* Is the digest corrupted? */ | int Corrupted; /* Is the digest corrupted? */ | |||
| } HMACContext; | } HMACContext; | |||
| /* | /* | |||
| INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | ||||
| * This structure will hold context information for the HKDF | * This structure will hold context information for the HKDF | |||
| * Extract-and-Expand Key Derivation functions. | * Extract-and-Expand Key Derivation functions. | |||
| INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | ||||
| */ | */ | |||
| typedef struct HKDFContext { | typedef struct HKDFContext { | |||
| int whichSha; /* which SHA is being used */ | int whichSha; /* which SHA is being used */ | |||
| HMACContext hmacContext; | HMACContext hmacContext; | |||
| int hashSize; /* hash size of SHA being used */ | int hashSize; /* hash size of SHA being used */ | |||
| unsigned char prk[USHAMaxHashSize]; | unsigned char prk[USHAMaxHashSize]; | |||
| /* Pseudo Random Key - output of hkdfInput */ | /* Pseudo Random Key - output of hkdfInput */ | |||
| int Computed; /* Is the digest computed? */ | int Computed; /* Is the digest computed? */ | |||
| int Corrupted; /* Is the digest corrupted? */ | int Corrupted; /* Is the digest corrupted? */ | |||
| } HKDFContext; | } HKDFContext; | |||
| skipping to change at page 27, line 4 ¶ | skipping to change at page 26, line 54 ¶ | |||
| extern int SHA256FinalBits(SHA256Context *, uint8_t bits, | extern int SHA256FinalBits(SHA256Context *, uint8_t bits, | |||
| unsigned int bit_count); | unsigned int bit_count); | |||
| extern int SHA256Result(SHA256Context *, | extern int SHA256Result(SHA256Context *, | |||
| uint8_t Message_Digest[SHA256HashSize]); | uint8_t Message_Digest[SHA256HashSize]); | |||
| /* SHA-384 */ | /* SHA-384 */ | |||
| extern int SHA384Reset(SHA384Context *); | extern int SHA384Reset(SHA384Context *); | |||
| extern int SHA384Input(SHA384Context *, const uint8_t *bytes, | extern int SHA384Input(SHA384Context *, const uint8_t *bytes, | |||
| unsigned int bytecount); | unsigned int bytecount); | |||
| extern int SHA384FinalBits(SHA384Context *, uint8_t bits, | extern int SHA384FinalBits(SHA384Context *, uint8_t bits, | |||
| INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | ||||
| unsigned int bit_count); | unsigned int bit_count); | |||
| extern int SHA384Result(SHA384Context *, | extern int SHA384Result(SHA384Context *, | |||
| INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | ||||
| uint8_t Message_Digest[SHA384HashSize]); | uint8_t Message_Digest[SHA384HashSize]); | |||
| /* SHA-512 */ | /* SHA-512 */ | |||
| extern int SHA512Reset(SHA512Context *); | extern int SHA512Reset(SHA512Context *); | |||
| extern int SHA512Input(SHA512Context *, const uint8_t *bytes, | extern int SHA512Input(SHA512Context *, const uint8_t *bytes, | |||
| unsigned int bytecount); | unsigned int bytecount); | |||
| extern int SHA512FinalBits(SHA512Context *, uint8_t bits, | extern int SHA512FinalBits(SHA512Context *, uint8_t bits, | |||
| unsigned int bit_count); | unsigned int bit_count); | |||
| extern int SHA512Result(SHA512Context *, | extern int SHA512Result(SHA512Context *, | |||
| uint8_t Message_Digest[SHA512HashSize]); | uint8_t Message_Digest[SHA512HashSize]); | |||
| skipping to change at page 28, line 4 ¶ | skipping to change at page 27, line 54 ¶ | |||
| * for all SHAs. | * for all SHAs. | |||
| * This interface allows any length of text input to be used. | * This interface allows any length of text input to be used. | |||
| */ | */ | |||
| extern int hmacReset(HMACContext *context, enum SHAversion whichSha, | extern int hmacReset(HMACContext *context, enum SHAversion whichSha, | |||
| const unsigned char *key, int key_len); | const unsigned char *key, int key_len); | |||
| extern int hmacInput(HMACContext *context, const unsigned char *text, | extern int hmacInput(HMACContext *context, const unsigned char *text, | |||
| int text_len); | int text_len); | |||
| extern int hmacFinalBits(HMACContext *context, uint8_t bits, | extern int hmacFinalBits(HMACContext *context, uint8_t bits, | |||
| unsigned int bit_count); | unsigned int bit_count); | |||
| extern int hmacResult(HMACContext *context, | extern int hmacResult(HMACContext *context, | |||
| INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | ||||
| uint8_t digest[USHAMaxHashSize]); | uint8_t digest[USHAMaxHashSize]); | |||
| INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | ||||
| /* | /* | |||
| * HKDF HMAC-based Extract-and-Expand Key Derivation Function, | * HKDF HMAC-based Extract-and-Expand Key Derivation Function, | |||
| * RFChkdf, for all SHAs. | * RFCXXXX, for all SHAs. | |||
| */ | */ | |||
| extern int hkdf(SHAversion whichSha, const unsigned char *salt, | extern int hkdf(SHAversion whichSha, const unsigned char *salt, | |||
| int salt_len, const unsigned char *ikm, int ikm_len, | int salt_len, const unsigned char *ikm, int ikm_len, | |||
| const unsigned char *info, int info_len, | const unsigned char *info, int info_len, | |||
| uint8_t okm[ ], int okm_len); | uint8_t okm[ ], int okm_len); | |||
| extern int hkdfExtract(SHAversion whichSha, const unsigned char *salt, | extern int hkdfExtract(SHAversion whichSha, const unsigned char *salt, | |||
| int salt_len, const unsigned char *ikm, | int salt_len, const unsigned char *ikm, | |||
| int ikm_len, uint8_t prk[USHAMaxHashSize]); | int ikm_len, uint8_t prk[USHAMaxHashSize]); | |||
| extern int hkdfExpand(SHAversion whichSha, const uint8_t prk[ ], | extern int hkdfExpand(SHAversion whichSha, const uint8_t prk[ ], | |||
| int prk_len, const unsigned char *info, | int prk_len, const unsigned char *info, | |||
| int info_len, uint8_t okm[ ], int okm_len); | int info_len, uint8_t okm[ ], int okm_len); | |||
| /* | /* | |||
| * HKDF HMAC-based Extract-and-Expand Key Derivation Function, | * HKDF HMAC-based Extract-and-Expand Key Derivation Function, | |||
| * RFChkdf, for all SHAs. | * RFCXXXX, for all SHAs. | |||
| * This interface allows any length of text input to be used. | * This interface allows any length of text input to be used. | |||
| */ | */ | |||
| extern int hkdfReset(HKDFContext *context, enum SHAversion whichSha, | extern int hkdfReset(HKDFContext *context, enum SHAversion whichSha, | |||
| const unsigned char *salt, int salt_len); | const unsigned char *salt, int salt_len); | |||
| extern int hkdfInput(HKDFContext *context, const unsigned char *ikm, | extern int hkdfInput(HKDFContext *context, const unsigned char *ikm, | |||
| int ikm_len); | int ikm_len); | |||
| extern int hkdfFinalBits(HKDFContext *context, uint8_t ikm_bits, | extern int hkdfFinalBits(HKDFContext *context, uint8_t ikm_bits, | |||
| unsigned int ikm_bit_count); | unsigned int ikm_bit_count); | |||
| extern int hkdfResult(HKDFContext *context, | extern int hkdfResult(HKDFContext *context, | |||
| uint8_t prk[USHAMaxHashSize], | uint8_t prk[USHAMaxHashSize], | |||
| skipping to change at page 82, line 35 ¶ | skipping to change at page 82, line 35 ¶ | |||
| /**************************** hkdf.c ***************************/ | /**************************** hkdf.c ***************************/ | |||
| /***************** See RFC NNNN for details. *******************/ | /***************** See RFC NNNN for details. *******************/ | |||
| /* Copyright (c) 2010 IETF Trust and the persons identified as */ | /* Copyright (c) 2010 IETF Trust and the persons identified as */ | |||
| /* authors of the code. All rights reserved. */ | /* authors of the code. All rights reserved. */ | |||
| /* See sha.h for terms of use and redistribution. */ | /* See sha.h for terms of use and redistribution. */ | |||
| /* | /* | |||
| * Description: | * Description: | |||
| * This file implements the HKDF algorithm (HMAC-based | * This file implements the HKDF algorithm (HMAC-based | |||
| * Extract-and-Expand Key Derivation Function, RFChkdf), | * Extract-and-Expand Key Derivation Function, RFCXXXX), | |||
| * expressed in terms of the various SHA algorithms. | * expressed in terms of the various SHA algorithms. | |||
| */ | */ | |||
| #include "sha.h" | #include "sha.h" | |||
| #include <memory.h> | #include <memory.h> | |||
| #include <stdlib.h> | #include <stdlib.h> | |||
| /* | /* | |||
| * hkdf | * hkdf | |||
| * | * | |||
| skipping to change at page 89, line 37 ¶ | skipping to change at page 89, line 37 ¶ | |||
| * one that calls SHAInput with an exact multiple of 512 bits | * one that calls SHAInput with an exact multiple of 512 bits | |||
| * the seven tests documented for each algorithm in | * the seven tests documented for each algorithm in | |||
| * "The Secure Hash Algorithm Validation System (SHAVS)" | * "The Secure Hash Algorithm Validation System (SHAVS)" | |||
| * (http://csrc.nist.gov/cryptval/shs/SHAVS.pdf), | * (http://csrc.nist.gov/cryptval/shs/SHAVS.pdf), | |||
| * three of which are bit-level tests | * three of which are bit-level tests | |||
| * | * | |||
| * This file will exercise the HMAC SHA1 code performing | * This file will exercise the HMAC SHA1 code performing | |||
| * the seven tests documented in RFCs [RFC2202] and [RFC4231]. | * the seven tests documented in RFCs [RFC2202] and [RFC4231]. | |||
| * | * | |||
| * This file will exercise the HKDF code performing | * This file will exercise the HKDF code performing | |||
| * the six tests documented in RFChkdf. | * the six tests documented in RFC XXXX. | |||
| * | * | |||
| * To run the tests and just see PASSED/FAILED, use the -p option. | * To run the tests and just see PASSED/FAILED, use the -p option. | |||
| * | * | |||
| * Other options exercise: | * Other options exercise: | |||
| * hashing an arbitrary string | * hashing an arbitrary string | |||
| * hashing a file's contents | * hashing a file's contents | |||
| * a few error test checks | * a few error test checks | |||
| * printing the results in raw format | * printing the results in raw format | |||
| * | * | |||
| * Portability Issues: | * Portability Issues: | |||
| skipping to change at page 103, line 55 ¶ | skipping to change at page 103, line 55 ¶ | |||
| SHA1, | SHA1, | |||
| 22, "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" | 22, "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" | |||
| "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b", | "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b", | |||
| 0, "", | 0, "", | |||
| 0, "", | 0, "", | |||
| 20, "DA8C8A73C7FA77288EC6F5E7C297786AA0D32D01", | 20, "DA8C8A73C7FA77288EC6F5E7C297786AA0D32D01", | |||
| 42, "0AC1AF7002B3D761D1E55298DA9D0506" | 42, "0AC1AF7002B3D761D1E55298DA9D0506" | |||
| "B9AE52057220A306E07B6B87E8DF21D0" | "B9AE52057220A306E07B6B87E8DF21D0" | |||
| "EA00033DE03984D34918" | "EA00033DE03984D34918" | |||
| }, | }, | |||
| { /* Extra test case, not in RFChkdf. */ | { /* Extra test case, not in RFC XXXX. */ | |||
| SHA1, | SHA1, | |||
| INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | |||
| 22, "\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c" | 22, "\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c" | |||
| "\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c", | "\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c", | |||
| 0, 0, | 0, 0, | |||
| 0, "", | 0, "", | |||
| 20, "2ADCCADA18779E7C2077AD2EB19D3F3E731385DD", | 20, "2ADCCADA18779E7C2077AD2EB19D3F3E731385DD", | |||
| 42, "2C91117204D745F3500D636A62F64F0A" | 42, "2C91117204D745F3500D636A62F64F0A" | |||
| skipping to change at page 123, line 43 ¶ | skipping to change at page 123, line 43 ¶ | |||
| [RFC2202] - P. Cheng, R. Glenn, "Test Cases for HMAC-MD5 and HMAC- | [RFC2202] - P. Cheng, R. Glenn, "Test Cases for HMAC-MD5 and HMAC- | |||
| SHA-1", September 1997. | SHA-1", September 1997. | |||
| [RFC3174] - D. Eastlake 3rd, P. Jones, "US Secure Hash Algorithm 1 | [RFC3174] - D. Eastlake 3rd, P. Jones, "US Secure Hash Algorithm 1 | |||
| (SHA1)", September 2001. | (SHA1)", September 2001. | |||
| [RFC3874] - R. Housley, "A 224-bit One-way Hash Function: SHA-224", | [RFC3874] - R. Housley, "A 224-bit One-way Hash Function: SHA-224", | |||
| September 2004. | September 2004. | |||
| [RFC4055] - Schaad, J., Kaliski, B., and R. Housley, "Additional | ||||
| Algorithms and Identifiers for RSA Cryptography for use in the | ||||
| Internet X.509 Public Key Infrastructure Certificate and | ||||
| Certificate Revocation List (CRL) Profile", RFC 4055, June 2005 | ||||
| [RFC4086] - D. Eastlake, S. Crocker, J. Schiller, "Randomness | [RFC4086] - D. Eastlake, S. Crocker, J. Schiller, "Randomness | |||
| Requirements for Security", May 2005. | Requirements for Security", May 2005. | |||
| [RFC4231] - M. Nystrom, "Identifiers and Test Vectors for HMAC- | [RFC4231] - M. Nystrom, "Identifiers and Test Vectors for HMAC- | |||
| SHA-224, HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512", | SHA-224, HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512", | |||
| INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | ||||
| December 2005. | December 2005. | |||
| [RFC4634] - Eastlake 3rd, D. and T. Hansen, "US Secure Hash | [RFC4634] - Eastlake 3rd, D. and T. Hansen, "US Secure Hash | |||
| Algorithms (SHA and HMAC-SHA)", RFC 4634, July 2006. | Algorithms (SHA and HMAC-SHA)", RFC 4634, July 2006. | |||
| INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | ||||
| [SHAVS] - "The Secure Hash Algorithm Validation System (SHAVS)", | [SHAVS] - "The Secure Hash Algorithm Validation System (SHAVS)", | |||
| http://csrc.nist.gov/cryptval/shs/SHAVS.pdf. | http://csrc.nist.gov/cryptval/shs/SHAVS.pdf. | |||
| INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | |||
| Appendix: Changes from RFC 4634 | Appendix: Changes from RFC 4634 | |||
| The following changes were made to RFC 4634 to produce this document: | The following changes were made to RFC 4634 to produce this document: | |||
| 1. Add code for HKDF and brief text about HKDF with pointer to | 1. Add code for HKDF and brief text about HKDF with pointer to | |||
| skipping to change at page 126, line 7 ¶ | skipping to change at page 126, line 7 ¶ | |||
| 2^93 bytes (2^96 bits). The fixed code handles up to 2^125 | 2^93 bytes (2^96 bits). The fixed code handles up to 2^125 | |||
| bytes (2^128 bits). | bytes (2^128 bits). | |||
| 2.d Add additional error checking. | 2.d Add additional error checking. | |||
| 3. Update boilerplate, remove special license in [RFC4634] as new | 3. Update boilerplate, remove special license in [RFC4634] as new | |||
| boilerplate mandates simplified BSD license. | boilerplate mandates simplified BSD license. | |||
| INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | |||
| Edit History | ||||
| RFC Editor, Please delete this section on publication. | ||||
| Changes from -00 to -01 | ||||
| Add hash function OIDs and informational reference to [RFC4055]. A | ||||
| few Editorial changes and typo fixes. | ||||
| INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | ||||
| Author's Address | Author's Address | |||
| Donald E. Eastlake, 3rd | Donald E. Eastlake, 3rd | |||
| Stellar Switches | Stellar Switches | |||
| 155 Beaver Street | 155 Beaver Street | |||
| Milford, MA 01757 USA | Milford, MA 01757 USA | |||
| Telephone: +1-508-333-2270 | Telephone: +1-508-333-2270 | |||
| EMail: d3e3e3@gmail.com | EMail: d3e3e3@gmail.com | |||
| Tony Hansen | Tony Hansen | |||
| AT&T Laboratories | AT&T Laboratories | |||
| 200 Laurel Ave. | 200 Laurel Ave. | |||
| Middletown, NJ 07748 USA | Middletown, NJ 07748 USA | |||
| Telephone: +1-732-420-8934 | Telephone: +1-732-420-8934 | |||
| EMail: tony+shs@millennium.att.com | EMail: tony+shs@maillennium.att.com | |||
| INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | INTERNET-DRAFT SHAs, HMAC-SHAs, and HKDF | |||
| Copyright, Disclaimer, and Additional IPR Provisions | Copyright, Disclaimer, and Additional IPR Provisions | |||
| Copyright (c) 2010 IETF Trust and the persons identified as the | Copyright (c) 2010 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| End of changes. 39 change blocks. | ||||
| 44 lines changed or deleted | 82 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||