blob: 0fca3f950b980436202fd97b6c74bae95ebf24c6 [file] [log] [blame]
Test suite from
Sample Vectors for SHA-1 Testing
This file describes tests and vectors that can be used in verifying the correctness of
an SHA-1 implementation. However, use of these vectors does not take the place of validation
obtained through the Cryptographic Module Validation Program.
There are three areas of the Secure Hash Standard for which test vectors are supplied:
short messages of varying length, selected long messages, and pseudorandomly generated messages.
Since it is possible for an implementation to correctly handle the hashing of byte-oriented
messages (and not messages of a non-byte length), the SHS tests each come in two flavors. For
both byte oriented and bit oriented messages, the message lengths are given in bits.
Type I Test: Messages of Varying Length
An implementation of the SHS must be able to correctly generate message digests for
messages of arbitrary length. This functionality can be tested by supplying the implementation
with 1025 pseudorandomly generated messages with lengths from 0 to 1024 bits (for an implementation
that only hashes byte-oriented data correctly, 129 messages of length 0, 8, 16, 24,...,1024 bits
will be supplied).
Type II Test: Selected Long Messages
Additional testing of an implementation can be performed by testing that the implementation
can correctly generate digests for longer messages. A list of 100 messages, each of length > 1024,
is supplied. These can be used to verify the hashing of longer message lengths. For bit oriented
testing the messages are from 1025 to 103425 bits long (length=1025+i*1024, where 0<=i<100). For
byte oriented testing the messages are from 1032 to 103432 (length=1032+i*1024, where 0<=i<100).
Type III Test: Pseudorandomly Generated Messages
This test determines whether the implementation can compute message digests for messages
that are generated using a given seed. A sequence of 100 message digests is generated using this
seed. The digests are generated according to the following pseudocode:
procedure MonteCarlo(string SEED)
integer i, j, a;
string M;
M := SEED;
for j = 0 to 99 do {
for i = 1 to 50000 do {
for a = 1 to (j/4*8 + 24) do M := M || ’0’; /*‘0' is the binary zero bit. */
M := M || i; /* Here, the value for ‘i’ is expressed as a 32-bit word
and concatenated with ‘M’. The first bit
concatenated with ‘M’ is the most significant bit of
this 32-bit word. */
M := SHA(M);
NOTE: In the above procedure, || denotes concatenation. Also, M || i denotes appending the 32-bit
word representing the value ‘i’, as defined in section 2 of the SHS. Within the procedure, M is a string
of variable length. The initial length of 416 bits ensures that the length of M never exceeds 512 bits
during execution of the above procedure, and it ensures that messages will be of a byte length. Each
element printed should be 160 bits in length.
File formats:
There are two files included for each test type (bit-oriented and byte-oriented). One file contains
the messages and the other file contains the hashes.
The message files provided use "compact strings" to store the message values. Compact strings are
used to represented the messages in a compact form. A compact string has the form
z || b || n(1) || n(2) || ... || n(z)
where z>=0 that represents the number of n, b is either 0 or 1, and each n(i) is a decimal integer
representing a positive number. The length of the compact string is given by the summation of the n(i).
The compact string is interpreted as the representation of the bit string consisting of b repeated n(1) times,
followed by 1-b repeated n(2) times, followed by b repeated n(3) times, and so on.
M = 5 1 7 13 5 1 2
where z = 5 and b = 1. Then the compact string M represents the bit string
where 1 is repeated 7 times, 0 is repeated 13 times, 1 is repeated 5 times,
0 is repeated 1 time, and 1 is repeated 2 times.