doc: Add RFC documents

1 files changed, 339 insertions, 0 deletions

diff --git a/doc/rfc/rfc3874.txt b/doc/rfc/rfc3874.txt
new file mode 100644
index 0000000..7c3c550
--- /dev/null
+++ b/doc/rfc/rfc3874.txt
@@ -0,0 +1,339 @@
+
+
+
+
+
+
+Network Working Group                                         R. Housley
+Request for Comments: 3874                                Vigil Security
+Category: Informational                                   September 2004
+
+
+                A 224-bit One-way Hash Function: SHA-224
+
+Status of this Memo
+
+   This memo provides information for the Internet community.  It does
+   not specify an Internet standard of any kind.  Distribution of this
+   memo is unlimited.
+
+Copyright Notice
+
+   Copyright (C) The Internet Society (2004).
+
+Abstract
+
+   This document specifies a 224-bit one-way hash function, called
+   SHA-224.  SHA-224 is based on SHA-256, but it uses a different
+   initial value and the result is truncated to 224 bits.
+
+1.  Introduction
+
+   This document specifies a 224-bit one-way hash function, called
+   SHA-224.  The National Institute of Standards and Technology (NIST)
+   announced the FIPS 180-2 Change Notice on February 28, 2004 which
+   specifies the SHA-224 one-way hash function.  One-way hash functions
+   are also known as message digests.  SHA-224 is based on SHA-256, the
+   256-bit one-way hash function already specified by NIST [SHA2].
+   Computation of a SHA-224 hash value is two steps.  First, the SHA-256
+   hash value is computed, except that a different initial value is
+   used.  Second, the resulting 256-bit hash value is truncated to 224
+   bits.
+
+   NIST is developing guidance on cryptographic key management, and NIST
+   recently published a draft for comment [NISTGUIDE].  Five security
+   levels are discussed in the guidance: 80, 112, 128, 192, and 256 bits
+   of security.  One-way hash functions are available for all of these
+   levels except one.  SHA-224 fills this void.  SHA-224 is a one-way
+   hash function that provides 112 bits of security, which is the
+   generally accepted strength of Triple-DES [3DES].
+
+   This document makes the SHA-224 one-way hash function specification
+   available to the Internet community, and it publishes the object
+   identifiers for use in ASN.1-based protocols.
+
+
+
+
+Housley                      Informational                      [Page 1]
+
+RFC 3874        A 224-bit One-way Hash Function: SHA-224  September 2004
+
+
+1.1.  Usage Considerations
+
+   Since SHA-224 is based on SHA-256, roughly the same amount of effort
+   is consumed to compute a SHA-224 or a SHA-256 digest message digest
+   value.  Even though SHA-224 and SHA-256 have roughly equivalent
+   computational complexity, SHA-224 is an appropriate choice for a
+   one-way hash function that provides 112 bits of security.  The use of
+   a different initial value ensures that a truncated SHA-256 message
+   digest value cannot be mistaken for a SHA-224 message digest value
+   computed on the same data.
+
+   Some usage environments are sensitive to every octet that is
+   transmitted.  In these cases, the smaller (by 4 octets) message
+   digest value provided by SHA-224 is important.
+
+   These observations lead to the following guidance:
+
+   *  When selecting a suite of cryptographic algorithms that all offer
+      112 bits of security strength, SHA-224 is an appropriate choice
+      for one-way hash function.
+
+   *  When terseness is not a selection criteria, the use of SHA-256 is
+      a preferred alternative to SHA-224.
+
+1.2.  Terminology
+
+   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+   document are to be interpreted as described in [STDWORDS].
+
+2.  SHA-224 Description
+
+   SHA-224 may be used to compute a one-way hash value on a message
+   whose length less than 2^64 bits.
+
+   SHA-224 makes use of SHA-256 [SHA2].  To compute a one-way hash
+   value, SHA-256 uses a message schedule of sixty-four 32-bit words,
+   eight 32-bit working variables, and produces a hash value of eight
+   32-bit words.
+
+   The function is defined in the exact same manner as SHA-256, with the
+   following two exceptions:
+
+      First, for SHA-224, the initial hash value of the eight 32-bit
+      working variables, collectively called H, shall consist of the
+      following eight 32-bit words (in hex):
+
+
+
+
+
+Housley                      Informational                      [Page 2]
+
+RFC 3874        A 224-bit One-way Hash Function: SHA-224  September 2004
+
+
+         H_0 = c1059ed8               H_4 = ffc00b31
+         H_1 = 367cd507               H_5 = 68581511
+         H_2 = 3070dd17               H_6 = 64f98fa7
+         H_3 = f70e5939               H_7 = befa4fa4
+
+      Second, SHA-224 simply makes use of the first seven 32-bit words
+      in the SHA-256 result, discarding the remaining 32-bit words in
+      the SHA-256 result.  That is, the final value of H is used as
+      follows, where || denotes concatenation:
+
+         H_0 || H_1 || H_2 || H_3 || H_4 || H_5 || H_6
+
+3.  Test Vectors
+
+   This section includes three test vectors.  These test vectors can be
+   used to test implementations of SHA-224.
+
+3.1.  Test Vector #1
+
+   Let the message to be hashed be the 24-bit ASCII string "abc", which
+   is equivalent to the following binary string:
+
+      01100001 01100010 01100011
+
+   The SHA-224 hash value (in hex):
+
+      23097d22 3405d822 8642a477 bda255b3 2aadbce4 bda0b3f7 e36c9da7
+
+3.2.  Test Vector #2
+
+   Let the message to be hashed be the 448-bit ASCII string
+   "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq".
+
+   The SHA-224 hash value is (in hex):
+
+      75388b16 512776cc 5dba5da1 fd890150 b0c6455c b4f58b19 52522525
+
+3.3.  Test Vector #3
+
+   Let the message to be hashed be the binary-coded form of the ASCII
+   string which consists of 1,000,000 repetitions of the character "a".
+
+   The SHA-224 hash value is (in hex):
+
+      20794655 980c91d8 bbb4c1ea 97618a4b f03f4258 1948b2ee 4ee7ad67
+
+
+
+
+
+
+Housley                      Informational                      [Page 3]
+
+RFC 3874        A 224-bit One-way Hash Function: SHA-224  September 2004
+
+
+4.  Object Identifier
+
+   NIST has assigned an ASN.1 [X.208-88, X.209-88] object identifier for
+   SHA-224.  Some protocols use object identifiers to name one-way hash
+   functions.  One example is CMS [CMS].  Implementations of such
+   protocols that make use of SHA-224 MUST use the following object
+   identifier.
+
+      id-sha224  OBJECT IDENTIFIER  ::=  { joint-iso-itu-t(2)
+                      country(16) us(840) organization(1) gov(101)
+                      csor(3) nistalgorithm(4) hashalgs(2) sha224(4) }
+
+5.  Security Considerations
+
+   One-way hash functions are typically used with other cryptographic
+   algorithms, such as digital signature algorithms and keyed-hash
+   message authentication codes, or in the generation of random values.
+   When a one-way hash function is used in conjunction with another
+   algorithm, there may be requirements specified elsewhere that require
+   the use of a one-way hash function with a certain number of bits of
+   security.  For example, if a message is being signed with a digital
+   signature algorithm that provides 128 bits of security, then that
+   signature algorithm may require the use of a one-way hash algorithm
+   that also provides the same number of bits of security.  SHA-224 is
+   intended to provide 112 bits of security, which is the generally
+   accepted strength of Triple-DES [3DES].
+
+   This document is intended to provide the SHA-224 specification to the
+   Internet community.  No independent assertion of the security of this
+   one-way hash function is intended by the author for any particular
+   use.  However, as long as SHA-256 provides the expected security,
+   SHA-224 will also provide its expected level of security.
+
+6.  References
+
+6.1.  Normative References
+
+   [SHA2]      Federal Information Processing Standards Publication
+               (FIPS PUB) 180-2, Secure Hash Standard, 1 August 2002.
+
+   [STDWORDS]  Bradner, S., "Key words for use in RFCs to Indicate
+               Requirement Levels", BCP 14, RFC 2119, March 1997.
+
+
+
+
+
+
+
+
+
+Housley                      Informational                      [Page 4]
+
+RFC 3874        A 224-bit One-way Hash Function: SHA-224  September 2004
+
+
+6.2.  Informative References
+
+   [3DES]      American National Standards Institute.  ANSI X9.52-1998,
+               Triple Data Encryption Algorithm Modes of Operation.
+               1998.
+
+   [CMS]       Housley, R., "Cryptographic Message Syntax (CMS)", RFC
+               3852, July 2004.
+
+   [NISTGUIDE] National Institute of Standards and Technology.  Second
+               Draft: "Key Management Guideline, Part 1:  General
+               Guidance."  June 2002.
+               [http://csrc.nist.gov/encryption/kms/guideline-1.pdf]
+
+   [X.208-88]  CCITT Recommendation X.208: Specification of Abstract
+               Syntax Notation One (ASN.1). 1988.
+
+   [X.209-88]  CCITT Recommendation X.209: Specification of Basic
+               Encoding Rules for Abstract Syntax Notation One (ASN.1).
+               1988.
+
+7.  Acknowledgments
+
+   Many thanks to Jim Schaad for generating the test vectors.  A second
+   implementation by Brian Gladman was used to confirm that the test
+   vectors are correct.
+
+8.  Author's Address
+
+   Russell Housley
+   Vigil Security, LLC
+   918 Spring Knoll Drive
+   Herndon, VA 20170
+   USA
+
+   EMail: housley@vigilsec.com
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Housley                      Informational                      [Page 5]
+
+RFC 3874        A 224-bit One-way Hash Function: SHA-224  September 2004
+
+
+9.  Full Copyright Statement
+
+   Copyright (C) The Internet Society (2004).
+
+   This document is subject to the rights, licenses and restrictions
+   contained in BCP 78, and except as set forth therein, the authors
+   retain all their rights.
+
+   This document and the information contained herein are provided on an
+   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/S HE
+   REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE
+   INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR
+   IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
+   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+Intellectual Property
+
+   The IETF takes no position regarding the validity or scope of any
+   Intellectual Property Rights or other rights that might be claimed to
+   pertain to the implementation or use of the technology described in
+   this document or the extent to which any license under such rights
+   might or might not be available; nor does it represent that it has
+   made any independent effort to identify any such rights.  Information
+   on the IETF's procedures with respect to rights in IETF Documents can
+   be found in BCP 78 and BCP 79.
+
+   Copies of IPR disclosures made to the IETF Secretariat and any
+   assurances of licenses to be made available, or the result of an
+   attempt made to obtain a general license or permission for the use of
+   such proprietary rights by implementers or users of this
+   specification can be obtained from the IETF on-line IPR repository at
+   http://www.ietf.org/ipr.
+
+   The IETF invites any interested party to bring to its attention any
+   copyrights, patents or patent applications, or other proprietary
+   rights that may cover technology that may be required to implement
+   this standard.  Please address the information to the IETF at ietf-
+   ipr@ietf.org.
+
+Acknowledgement
+
+   Funding for the RFC Editor function is currently provided by the
+   Internet Society.
+
+
+
+
+
+
+
+Housley                      Informational                      [Page 6]
+