Automatic data generation for self-test of cryptographic hash algorithms in personal security devices
First Claim
1. A method of testing a hash circuit taking T M-bit message blocks serially as input and producing an H-bit message digest as output, the hash circuit including a data expansion circuit taking the M-bit message block as input and producing an E-bit expanded message block as output, the method comprising the steps of:
(a) loading a predetermined input M-bit test message block MB(1) into the hash circuit;
for each i between 1 and T, inclusive;
(b) performing an expansion by using the data expansion circuit taking an ith M-bit test message block MB(i) as input and producing an ith E-bit expanded test message block as output;
(c) performing a hash by using the hash circuit taking the ith E-bit expanded test message block EMB(i) as input and producing an ith H-bit message digest MD(i) as output; and
(d) using the data expansion circuit taking a portion of the ith E-bit expanded test message block as input to generate an i+1th M-bit test message block MB(i+1) as output; and
(e) outputting, by the hash circuit, the Tth H-bit message digest.
Abstract
According to the present invention, the hardware hash algorithm block automatically generates the data to hash from its initialization values and runs unassisted, instead of needing a continuous supply of additional input data. This approach solves the above shortcomings of related solutions by eliminating the need to continuously feed input data to be hashed in order to obtain high fault coverage. This reduces the sizes of the firmware and test vectors necessary to test the hardware. Also, since the hardware autonomously generates new data to hash, other hardware modules can be tested in parallel, which reduces the overall test time and cost. To remove the requirement of inputting multiple fixed-length sub-blocks, additional sub-blocks are created from the initial sub-block using a hardware expansion function, and the hardware continues to run unattended for some predetermined number of sub-blocks. The hash hardware can use the expansion function W[i] = W[i-3] xor W[i-8] xor W[i-14] xor W[i-16] to expand existing data into new data, where W[i-x] originates from the initial sub-block. By utilizing the non-linear xor function, W[i] will be random data if any of W[i-3], W[i-8], W[i-14], or W[i-16] are random. This expansion function is good for achieving high fault coverage because the new W values will likely be different from the other W values that have been hashed. It is also convenient to use because it is utilized by the Secure Hash Algorithm as specified by the Secure Hash Standard FIPS PUB 180 and FIPS PUB 180-1 (the latter includes a left rotate by one bit position).
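A software model of the self-test loop in steps (a) to (e), as an added example that is not taken from the patent. It assumes the hash circuit is SHA-1 per FIPS PUB 180-1 (M = 512, E = 2560, H = 160) and that the "portion" fed back in step (d) is the last 16 expanded words. `MB1`, `fault_mask` (a stuck-at-1 fault on the expansion output) and `padded_abc_block` are constructed for illustration.

```python
import hashlib
import struct

MASK = 0xFFFFFFFF
IV = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]

def rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK

def expand(words, total, fault_mask=0):
    """W[i] = rotl1(W[i-3]^W[i-8]^W[i-14]^W[i-16]); fault_mask ORs stuck-at-1 bits in."""
    w = list(words)
    for i in range(16, total):
        w.append(rotl(w[i-3] ^ w[i-8] ^ w[i-14] ^ w[i-16], 1) | fault_mask)
    return w

def compress(state, w):
    """FIPS 180-1 compression of one 80-word expanded block into the chaining state."""
    a, b, c, d, e = state
    for i in range(80):
        if i < 20:
            f, k = (b & c) | (~b & d), 0x5A827999
        elif i < 40:
            f, k = b ^ c ^ d, 0x6ED9EBA1
        elif i < 60:
            f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
        else:
            f, k = b ^ c ^ d, 0xCA62C1D6
        a, b, c, d, e = (rotl(a, 5) + f + e + k + w[i]) & MASK, a, rotl(b, 30), c, d
    return [(s + v) & MASK for s, v in zip(state, (a, b, c, d, e))]

def self_test(mb1, T, fault_mask=0):
    """Hash T blocks with no external input after MB(1); return MD(T) as hex."""
    state, mb = list(IV), list(mb1)                  # (a) load MB(1)
    for _ in range(T):
        emb = expand(mb, 80, fault_mask)             # (b) EMB(i), 80 words
        state = compress(state, emb)                 # (c) MD(i)
        mb = expand(emb[64:], 32, fault_mask)[16:]   # (d) MB(i+1) from last 16 words
    return struct.pack(">5I", *state).hex()          # (e) MD(T)

def padded_abc_block():
    """Constructed check input: the single padded SHA-1 block for b'abc'."""
    block = b"abc" + b"\x80" + bytes(52) + struct.pack(">Q", 24)
    return list(struct.unpack(">16I", block))

MB1 = list(range(1, 17))  # constructed predetermined test block

if __name__ == "__main__":
    print("model matches hashlib:", self_test(padded_abc_block(), 1) == hashlib.sha1(b"abc").hexdigest())
    print("healthy MD(64):", self_test(MB1, 64))
    print("faulty  MD(64):", self_test(MB1, 64, fault_mask=1))
```

In a real self-test the healthy MD(T) would be computed once and stored as the expected value; a single stuck bit in the expansion path changes every later block and therefore the final digest.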
120 Citations
21 Claims
Specification