% $RCSfile: sha.tex,v $
%
% $Revision: 1.1 $
% $Date: 1995/07/28 21:20:14 $
%

\protspec{SHA}{SHA (NIST Secure Hash Algorithm)}
\index{sha}
\label{SHA}

\topic{SPECIFICATION}

\noindent
For outgoing messages, the SHA protocol calculates a 20 byte checksum
and pushes it onto the front of the message.  For incoming messages,
a 20 byte checksum is popped from the front of the message, and
compared against the computed checksum of the rest of the message.
No special action is taken when the compare fails; the shortened
message is passed on as usual to the next higher protocol.
If tracing is enabled, a message is printed when the compare fails.
There is an option to use an implicit prefix at the front of each
packet when computing the checksum; separate prefixes may be used
for incoming and outgoing packets.

The checksum algorithm is NIST's Secure Hash Algorithm, intended
for use with the NIST Digital Signature Standard.
It is believed to have various good cryptographic qualities.


\topic{REALM}

SHA is in the ASYNC realm.


\topic{PARTICIPANTS}

SHA passes participants to the lower protocols without manipulating them.


\topic{CONTROL OPERATIONS}

SHA recognizes the following control operations; all others are passed
unchanged to the lower protocol or session.

GETMAXPACKET and GETOPTPACKET:  The packet size returned by the lower
protocol/session is diminished by 20 bytes and passed on.

IP\_PSEUDOHDR:  This control operation turns on the IP pseudoheader
length-fixup flag, either for a session or the entire protocol.
The control operation is also passed to the lower session or protocol.
See IP (page~\pageref{IP}) for an explanation of this kludge.

The PREFIX control operations apply only to sessions, not the protocol.

HASH\_SETLOCALPREFIX sets the implicit prefix used in computing
the checksum for each outgoing packet.  The prefix may be reset
as desired, or turned off by setting a prefix of length 0.

HASH\_SETREMOTEPREFIX sets the implicit prefix for incoming packets.

HASH\_SETPREFIX sets the implicit prefix for both directions.


\topic{CONFIGURATION}

SHA expects to be configured on top of a transport protocol that
preserves packet boundaries (i.e. SHA will not work on top of TCP).

Example of a graph.comp file:
\begin{verbatim}
---------------------------------
@;
name=simeth/0;
name=eth protocols=simeth/0;
name=arp protocols=eth;
name=vnet protocols=eth,arp;
name=ip protocols=vnet;
name=sha protocols=ip;
name=udp protocols=sha;
name=udptest protocols=udp;
@;
prottbl = ../../../etc/prottbl.nonstd;
---------------------------------
\end{verbatim}


\topic{AUTHOR}

\noindent Richard Schroeppel

