MID

Reputation: 554

SHA1 bit-oriented test vector gives wrong digest under openssl

So I came across this list of test vectors to test the validity of a SHA1 implementation (which you can find at the bottom of http://csrc.nist.gov/groups/STM/cavp/secure-hashing.html).

The majority of the test vectors called "short" (because their size is less than the block size), pass. However, for all the long test vectors, openssl outputs a digest that is different from the one expected.

Example :

Msg = d372b4bf97daa3be77e0d78c123c7bb39dde10c82824c83f2250308320391247da419a167686b7320a5dc49b5cfc686eec76bb7034edaaeb2e029cb91791569e739c1bdb518418ffd07f0001e0

Expected MD = c60a02fffa45deccb075e386be3aa9313c2df4f2

Openssl output = 77 2d ff f3 54 31 2c df 93 e1 94 2f 10 91 f7 f8 78 61 91 c1

N.B.: The test vectors are made for bit-oriented implementations. What I understand is that this kind of implementation can calculate the digest of messages that have a size which is not necessarily a byte multiple.

Anyone have a clue why this is happening?

Upvotes: 0

Views: 537

Answers (2)

Walker in the City

Reputation: 587

So in response to your comments, I believe the crucial difference in output when you are using the NIST test vectors is that the specified length is very important when doing bit-oriented output. With byte-oriented output, if the NIST message was 98, you can feel confident that the correct input to your SHA algorithm is the bytes b10011000. However, if it were bit-oriented, it could have len = 6 for example, in which case the correct input to your algorithm is b100110. Or len = 7 with b1001100.

Upvotes: 1

bartonjs

Reputation: 33108

You answered your own question: you're trying to verify the bit mode, but OpenSSL only supports byte mode. Or, at least, they've only ever been issued a FIPS CAVP certificate for byte mode: http://csrc.nist.gov/groups/STM/cavp/documents/shs/shaval.html#2465

SHA-1    (BYTE-only)
SHA-224  (BYTE-only)
SHA-256  (BYTE-only)
SHA-384  (BYTE-only)
SHA-512  (BYTE-only)

If you need a library which has been certified as providing correct answers for BIT values, search that list for "SHA-1 (BIT)". There are a couple, no idea how many of them are consumable API, though.

Or, byte align your data.

Upvotes: 1
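The two answers above (the declared Len decides which bits are hashed, and OpenSSL hashes whole bytes only) can be checked with a small bit-oriented SHA-1. This is an added example, not code from either answer or from OpenSSL; `sha1_bits` and `digests_by_len` are hypothetical names, and the sample message `98` is the one used in the first answer.

```python
import hashlib
import struct

def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF

def sha1_bits(msg: bytes, nbits: int) -> bytes:
    """SHA-1 (FIPS 180-4) over the first nbits bits of msg, MSB first."""
    if not 0 <= nbits <= 8 * len(msg):
        raise ValueError("nbits exceeds the supplied data")
    full, rem = divmod(nbits, 8)
    buf = bytearray(msg[:full])
    if rem:
        # Keep the top `rem` bits, then place the padding '1' bit right after them.
        keep = msg[full] & (0xFF << (8 - rem)) & 0xFF
        buf.append(keep | (0x80 >> rem))
    else:
        buf.append(0x80)
    # Zero-fill so the 64-bit length field ends a 64-byte block.
    buf += b"\x00" * ((56 - len(buf)) % 64)
    buf += struct.pack(">Q", nbits)  # length in bits, not bytes
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]
    for off in range(0, len(buf), 64):
        w = list(struct.unpack(">16I", buf[off:off + 64]))
        for t in range(16, 80):
            w.append(_rotl(w[t - 3] ^ w[t - 8] ^ w[t - 14] ^ w[t - 16], 1))
        a, b, c, d, e = h
        for t in range(80):
            if t < 20:
                f, k = (b & c) | (~b & d), 0x5A827999
            elif t < 40:
                f, k = b ^ c ^ d, 0x6ED9EBA1
            elif t < 60:
                f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
            else:
                f, k = b ^ c ^ d, 0xCA62C1D6
            a, b, c, d, e = (_rotl(a, 5) + f + e + k + w[t]) & 0xFFFFFFFF, a, _rotl(b, 30), c, d
        h = [(x + y) & 0xFFFFFFFF for x, y in zip(h, (a, b, c, d, e))]
    return struct.pack(">5I", *h)

def digests_by_len(msg: bytes) -> dict:
    """Digest of the same Msg bytes for each Len that ends inside its last byte."""
    top = 8 * len(msg)
    return {n: sha1_bits(msg, n).hex() for n in range(top - 7, top + 1)}

if __name__ == "__main__":
    msg = bytes.fromhex("98")  # sample message from the answer above
    for n, d in digests_by_len(msg).items():
        print(f"Len = {n}: {d}")
    print("byte-oriented:", hashlib.sha1(msg).hexdigest())
```

Only the row where Len equals 8 times the byte count matches the byte-oriented digest, which is why a bit-oriented vector fed to a byte-only implementation fails whenever its Len is not a multiple of 8.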
