Test suite from http://csrc.nist.gov/cryptval/shs.html

				Sample Vectors for SHA-1 Testing

	This file describes tests and vectors that can be used in verifying the correctness of 

an SHA-1 implementation.  However, use of these vectors does not take the place of validation 

obtained through the Cryptographic Module Validation Program.

	There are three areas of the Secure Hash Standard for which test vectors are supplied:

short messages of varying length, selected long messages, and pseudorandomly generated messages.

Since it is possible for an implementation to correctly handle the hashing of byte-oriented

messages (and not messages of a non-byte length), the SHS tests each come in two flavors.  For

both byte oriented and bit oriented messages, the message lengths are given in bits.

Type I Test: Messages of Varying Length

	An implementation of the SHS must be able to correctly generate message digests for

messages of arbitrary length.  This functionality can be tested by supplying the implementation

with 1025 pseudorandomly generated messages with lengths from 0 to 1024 bits (for an implementation

that only hashes byte-oriented data correctly, 129 messages of length 0, 8, 16, 24,...,1024 bits

will be supplied).

Type II Test: Selected Long Messages

	Additional testing of an implementation can be performed by testing that the implementation

can correctly generate digests for longer messages.  A list of 100 messages, each of length > 1024,

is supplied.  These can be used to verify the hashing of longer message lengths.  For bit oriented

testing the messages are from 1025 to 103425 bits long (length=1025+i*1024, where 0<=i<100).  For

byte oriented testing the messages are from 1032 to 103432 (length=1032+i*1024, where 0<=i<100).

Type III Test: Pseudorandomly Generated Messages

	This test determines whether the implementation can compute message digests for messages

that are generated using a given seed.  A sequence of 100 message digests is generated using this

seed.  The digests are generated according to the following pseudocode:

procedure MonteCarlo(string SEED)

{

	integer i, j, a;

	string	M;

	M := SEED;

	for j = 0 to 99 do {

		for i = 1 to 50000 do {

			for a = 1 to (j/4*8 + 24) do M := M || ’0’;	/*‘0' is the binary zero bit. */

			M := M || i; 	/* Here, the value for ‘i’ is expressed as a 32-bit word

					   and concatenated with ‘M’. The first bit

					   concatenated with ‘M’ is the most significant bit of

					   this 32-bit word. */

			M := SHA(M);

			}

		print(M);

		}

	}

NOTE: In the above procedure, || denotes concatenation. Also, M || i denotes appending the 32-bit

word representing the value ‘i’, as defined in section 2 of the SHS.  Within the procedure, M is a string

of variable length. The initial length of 416 bits ensures that the length of M never exceeds 512 bits

during execution of the above procedure, and it ensures that messages will be of a byte length.  Each

element printed should be 160 bits in length.

File formats:

There are two files included for each test type (bit-oriented and byte-oriented).  One file contains

the messages and the other file contains the hashes.

The message files provided use "compact strings" to store the message values.  Compact strings are 

used to represented the messages in a compact form.  A compact string has the form

	z || b || n(1) || n(2) || ... || n(z)

where z>=0 that represents the number of n, b is either 0 or 1, and each n(i) is a decimal integer

representing a positive number.  The length of the compact string is given by the summation of the n(i).

The compact string is interpreted as the representation of the bit string consisting of b repeated n(1) times,

followed by 1-b repeated n(2) times, followed by b repeated n(3) times, and so on.

Example:

	M = 5 1 7 13 5 1 2

	where z = 5 and b = 1.  Then the compact string M represents the bit string

	1111111000000000000011111011

	where 1 is repeated 7 times, 0 is repeated 13 times, 1 is repeated 5 times,

	0 is repeated 1 time, and 1 is repeated 2 times.