SHA-1 testing

2001-01-15 Thread \marius\

Hello,

Can somebody tell me if the following statements are correct. Thank you very much.

   According with the DSSVS User's Guide document that can be find on 
http://csrc.nist.gov/cryptval/ under SHA-1 topic,
   for Type III testing (Pseudorandomly Generated Messages) the appendix E 
provides a procedure.

   In the procedure j can go from 0 to 99, "i" is a 32 bit word, the size of the 
seed is 416 bits, and the result of an
   SHA processing has a size of 160 bits.

   Based on that the size of M that is passed to SHA for processing will be as 
follow.
   416 + 0 + 24 + 32 = 472 bits
   160 + 0 + 24 + 32 = 216 bits
   Then as j increments the size of M will increment with a byte length up to 408 
bits.

   That means that after padding only for the M = 472 bits will have two blocks of 
512 bits, and for the M =
   216  408 bits will have just one block of 512 bits.
   
Is may understanding correct or I am missing something, because I really have the 
feeling that I missed something.
Again, thank you very much for any advice.

Marius Corbu.





SHA-1 testing

2001-01-15 Thread \marius\



Hello,

Sorry for sending this message again, but I fought that adding the APENDIX E to the 
message will make it more clear.

Can somebody tell me if the following statements are correct. Thank you very much.

   According with the DSSVS User's Guide document that can be find on 
http://csrc.nist.gov/cryptval/ under SHA-1 topic,
   for Type III testing (Pseudorandomly Generated Messages) the appendix E 
provides a procedure.
   
***
   
APPENDIX E: Description of the SHS Type 3 Test

This test determines whether the DUT can compute message digests for messages that are 
generated using a
given seed, which is provided in "sha.req". A sequence of 100 message digests is 
generated by the DUT using this
seed. The DUT portion of the testing procedure is as follows:

The DUT:

  1.Obtains SHS Request Type 3 message M (416 bits) from the "sha.req" file (this is 
the "seed").

  2.Performs the following test, using M as input:

procedure testSHS(M,D[0], . . . D[99])
  string M,D[0], . . . D[99];
  {
  integer i, j, a;
  for j = 0 to 99 do
{
for i = 1 to 5 do
{
for a = 1 to (j/4*8 + 24) do M := M || '0'; 

/* '0' is the binary zero bit. */

M := M || i;

/* Here, the value for 'i' is expressed as a 32-bit word and concatenated with 
'M'. The first bit
concatenated with 'M' is the most significant bit of this 32-bit word. */

M := SHA(M);
}
D[j] := M;
}
  }


NOTE: In the above procedure, || denotes concatenation. Also, M || i denotes 
appending the 32-bit word
representing the value 'i', as defined in section 2 of the SHS. Within the 
procedure, M is a string of variable
length, determined by the DSSVS; its initial value is assumed to be input. 
Together, the initial length of
416 bits and the expression "j/4*8 + 24" (where j/4 is integer division) ensure 
that messages will be of a
byte length. Each element of the resulting sequence {D[j]} should be 160 bits in 
length.

  3.Forwards the resulting 100 message digests stored in D[0], . . . D[99] as a 
sequence in SHS Response Type 3
with Di = D[j]. This is the last section of the "sha.rsp" file.

***

   In the procedure j can go from 0 to 99, "i" is a 32 bit word, the size of the 
seed is 416 bits, and the result of an
   SHA processing has a size of 160 bits.

   Based on that the size of M that is passed to SHA for processing will be as 
follow.
   416 + 0 + 24 + 32 = 472 bits
   160 + 0 + 24 + 32 = 216 bits
   Then as j increments the size of M will increment with a byte length up to 408 
bits.

   That means that after padding only for the M = 472 bits will have two blocks of 
512 bits, and for the M =
   216  408 bits will have just one block of 512 bits.
   
Is may understanding correct or I am missing something, because I really have the 
feeling that I missed something.
Again, thank you very much for any advice.

Marius Corbu.