Daniel Kahn Gillmor dkg@fifthhorseman.net writes:
i'm not using SHA 384 myself, but it seems worth handling for the sake of completeness (most protocols i've seen that support SHA512 also support SHA384).
When looking at the test vectors you provided, I noticed SHA-224 (specified in the update http://csrc.nist.gov/publications/fips/fips186-2/fips186-2-change1.pdf and also RFC 3874). Is this also important? Are there any protocols or applications that specify its use? It's defined in terms of SHA256 in the same way as SHA384 is defined in terms of SHA512. To me, the SHA-2 family seems to have more members than are really useful.
I put a set of test cases in t/08-digest.t of perl's Crypt::GCrypt, if you're interested.
Thanks, I'll add those that are missing in Nettle's current testsuite. Still missing are independent test vectors for RSA signatures.
Regards, /Niels