[8454] in cryptography@c2.net mail archive
SHA-1 testing
daemon@ATHENA.MIT.EDU (\"marius\)
Mon Jan 15 20:13:18 2001
Message-Id: <200101160032.QAA20869@zeraf.chiplogic.com>
Date: Mon, 15 Jan 2001 16:32:37 -0800 (PST)
From: "\"marius\"" <marius@chiplogic.com>
Reply-To: "\"marius\"" <marius@chiplogic.com>
To: cryptography@c2.net
MIME-Version: 1.0
Content-Type: TEXT/plain; charset=us-ascii
Content-MD5: CxWfjnz4eNDZ6JE/08Kv3g==
Hello,
Sorry for sending this message again, but I fought that adding the APENDIX E to the message will make it more clear.
Can somebody tell me if the following statements are correct. Thank you very much.
According with the DSSVS User's Guide document that can be find on http://csrc.nist.gov/cryptval/ under SHA-1 topic,
for Type III testing (Pseudorandomly Generated Messages) the appendix E provides a procedure.
*******************************************************************************************************************
APPENDIX E: Description of the SHS Type 3 Test
This test determines whether the DUT can compute message digests for messages that are generated using a
given seed, which is provided in "sha.req". A sequence of 100 message digests is generated by the DUT using this
seed. The DUT portion of the testing procedure is as follows:
The DUT:
1.Obtains SHS Request Type 3 message M (416 bits) from the "sha.req" file (this is the "seed").
2.Performs the following test, using M as input:
procedure testSHS(M,D[0], . . . D[99])
string M,D[0], . . . D[99];
{
integer i, j, a;
for j = 0 to 99 do
{
for i = 1 to 50000 do
{
for a = 1 to (j/4*8 + 24) do M := M || '0';
/* '0' is the binary zero bit. */
M := M || i;
/* Here, the value for 'i' is expressed as a 32-bit word and concatenated with 'M'. The first bit
concatenated with 'M' is the most significant bit of this 32-bit word. */
M := SHA(M);
}
D[j] := M;
}
}
NOTE: In the above procedure, || denotes concatenation. Also, M || i denotes appending the 32-bit word
representing the value 'i', as defined in section 2 of the SHS. Within the procedure, M is a string of variable
length, determined by the DSSVS; its initial value is assumed to be input. Together, the initial length of
416 bits and the expression "j/4*8 + 24" (where j/4 is integer division) ensure that messages will be of a
byte length. Each element of the resulting sequence {D[j]} should be 160 bits in length.
3.Forwards the resulting 100 message digests stored in D[0], . . . D[99] as a sequence in SHS Response Type 3
with Di = D[j]. This is the last section of the "sha.rsp" file.
*******************************************************************************************************************
In the procedure j can go from 0 to 99, "i" is a 32 bit word, the size of the seed is 416 bits, and the result of an
SHA processing has a size of 160 bits.
Based on that the size of M that is passed to SHA for processing will be as follow.
416 + 0 + 24 + 32 = 472 bits
160 + 0 + 24 + 32 = 216 bits
Then as j increments the size of M will increment with a byte length up to 408 bits.
That means that after padding only for the M = 472 bits will have two blocks of 512 bits, and for the M =
216 .... 408 bits will have just one block of 512 bits.
Is may understanding correct or I am missing something, because I really have the feeling that I missed something.
Again, thank you very much for any advice.
Marius Corbu.
