Hello,

Sorry for sending this message again, but I thought that adding APPENDIX E to the message would make it clearer.

Can somebody tell me if the following statements are correct? Thank you very much.

According to the DSSVS User's Guide document that can be found at http://csrc.nist.gov/cryptval/ under the SHA-1 topic, Appendix E provides a procedure for Type III testing (Pseudorandomly Generated Messages).
       
*******************************************************************************************************************
       
APPENDIX E: Description of the SHS Type 3 Test

This test determines whether the DUT can compute message digests for messages that are generated using a given seed, which is provided in "sha.req". A sequence of 100 message digests is generated by the DUT using this seed. The DUT portion of the testing procedure is as follows:

The DUT:

  1. Obtains SHS Request Type 3 message M (416 bits) from the "sha.req" file (this is the "seed").

  2. Performs the following test, using M as input:

                    procedure testSHS(M,D[0], . . . D[99])
                      string M,D[0], . . . D[99];
                      {
                      integer i, j, a;
                      for j = 0 to 99 do
                        {
                        for i = 1 to 50000 do
                            {
                            for a = 1 to (j/4*8 + 24) do M := M || '0'; 

    /* '0' is the binary zero bit. */

                            M := M || i;    

    /* Here, the value for 'i' is expressed as a 32-bit word and concatenated with 'M'.
       The first bit concatenated with 'M' is the most significant bit of this 32-bit word. */

                            M := SHA(M);
                            }
                        D[j] := M;
                        }
                      }
                    

    NOTE: In the above procedure, || denotes concatenation. Also, M || i denotes appending the 32-bit word representing the value 'i', as defined in section 2 of the SHS. Within the procedure, M is a string of variable length, determined by the DSSVS; its initial value is assumed to be input. Together, the initial length of 416 bits and the expression "j/4*8 + 24" (where j/4 is integer division) ensure that messages will be of a byte length. Each element of the resulting sequence {D[j]} should be 160 bits in length.

  3. Forwards the resulting 100 message digests stored in D[0], . . . D[99] as a sequence in SHS Response Type 3 with Di = D[j]. This is the last section of the "sha.rsp" file.

*******************************************************************************************************************

In the procedure j can go from 0 to 99, "i" is a 32-bit word, the size of the seed is 416 bits, and the result of an SHA processing has a size of 160 bits.

Based on that, the size of M that is passed to SHA for processing will be as follows:
       416 + 0 + 24 + 32 = 472 bits
       160 + 0 + 24 + 32 = 216 bits
Then as j increments the size of M will increment with a byte length up to 408 bits.

That means that after padding only M = 472 bits will have two blocks of 512 bits, and M = 216 .... 408 bits will have just one block of 512 bits.
       
Is my understanding correct or am I missing something, because I really have the feeling that I missed something.
Again, thank you very much for any advice.

Marius Corbu.
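
The Appendix E loop and the size arithmetic discussed above, as an added Python example that is not part of the original post or of the NIST document. The function names and the all-zero seed are assumptions made for illustration; the block count uses the standard SHA-1 padding (one '1' bit plus a 64-bit length field).

```python
import hashlib

SEED_BITS = 416      # seed length stated in Appendix E
DIGEST_BITS = 160    # SHA-1 output length

def zero_bits(j):
    """Zero bits appended per inner iteration: j/4*8 + 24 (integer division)."""
    return j // 4 * 8 + 24

def input_bits(j, i):
    """Bit length of M handed to SHA at outer index j, inner index i."""
    prev = SEED_BITS if (j == 0 and i == 1) else DIGEST_BITS
    return prev + zero_bits(j) + 32

def sha1_blocks(msg_bits):
    """512-bit blocks after padding: message + one '1' bit + 64-bit length."""
    return (msg_bits + 1 + 64 + 511) // 512

def run_shs_type3(seed, outer=100, inner=50000):
    """Appendix E loop; M is carried over from one j to the next."""
    if len(seed) * 8 != SEED_BITS:
        raise ValueError("seed must be 416 bits (52 bytes)")
    m, digests = seed, []
    for j in range(outer):
        zeros = bytes(zero_bits(j) // 8)   # always a whole number of bytes
        for i in range(1, inner + 1):
            # i as a 32-bit word, most significant bit first
            m = hashlib.sha1(m + zeros + i.to_bytes(4, "big")).digest()
        digests.append(m)
    return digests

if __name__ == "__main__":
    seed = bytes(52)   # constructed all-zero seed, not a real sha.req value
    n0 = input_bits(0, 1)
    print("first call:", n0, "bits,", sha1_blocks(n0), "blocks")
    for j in (0, 4, 50, 99):
        n = input_bits(j, 2)
        print(f"j={j:2d}: {n} bits, {sha1_blocks(n)} block(s)")
    # Reduced loop counts so the demo finishes instantly
    for d in run_shs_type3(seed, outer=2, inner=1000):
        print(d.hex())
```

Calling `run_shs_type3(seed)` with the default counts performs the full 100 x 50000 hashes and takes noticeably longer in pure Python.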