Merge pull request #1114 from Zokrates/sha256-padded

Add sha256 with padding to stdlib
2025-09-24 04:40:05 +00:00 · 2022-04-04 10:54:59 +02:00 · 2022-04-04 10:54:59 +02:00 · 99301d7521
commit 99301d7521
parent 20dea96763 7c14f564c4
4 changed files with 96 additions and 0 deletions
--- a/changelogs/unreleased/1114-dark64
+++ b/changelogs/unreleased/1114-dark64
@ -0,0 +1 @@
+Add sha256 with padding for arbitrary input size to stdlib
--- a/zokrates_stdlib/stdlib/hashes/sha256/sha256Padded.zok
+++ b/zokrates_stdlib/stdlib/hashes/sha256/sha256Padded.zok
@ -0,0 +1,45 @@
+import "hashes/sha256/sha256"
+import "utils/casts/u8_to_bits"
+import "utils/casts/u32_to_bits"
+import "utils/casts/u32_from_bits"
+
+// A padding function that takes a bool[L] array as input and pads it to 512-bit blocks
+def pad<L, M>(bool[L] m) -> u32[M][16]:
+   u32 length = L + 64 + 1
+   assert(length / 512 + 1 == M)
+
+   u32 r = length % 512
+   u32 k = 512 - r
+   bool[M * 512] result_in_bits = [...m, true, ...[false; k + 32], ...u32_to_bits(L)]
+   u32[M][16] result = [[0; 16]; M]
+
+   for u32 i in 0..M do
+       for u32 j in 0..16 do
+          u32 start = i * 512 + j * 32
+          u32 end = start + 32
+          result[i][j] = u32_from_bits(result_in_bits[start..end])
+        endfor
+    endfor
+    return result
+
+// A function that takes a bool[N] array as input, pads it,
+// and returns the sha256 output as a u32[8]
+def sha256Padded<N>(bool[N] input) -> u32[8]:
+    u32 block_count = (N + 64 + 1) / 512 + 1
+    u32[block_count][16] padded = pad(input)
+    return sha256(padded)
+
+// A function that takes a u8[N] array as input, pads it,
+// and returns the sha256 output as a u32[8]
+def main<N>(u8[N] input) -> u32[8]:
+    u32 L = N * 8
+    bool[L] input_bits = [false; L]
+
+    for u32 i in 0..N do
+        bool[8] bits = u8_to_bits(input[i])
+        for u32 j in 0..8 do
+            input_bits[i * 8 + j] = bits[j]
+        endfor
+    endfor
+
+    return sha256Padded(input_bits)
--- a/zokrates_stdlib/tests/tests/hashes/sha256/sha256Padded.json
+++ b/zokrates_stdlib/tests/tests/hashes/sha256/sha256Padded.json
@ -0,0 +1,14 @@
+{
+    "entry_point": "./tests/tests/hashes/sha256/sha256Padded.zok",
+    "curves": ["Bn128"],
+    "tests": [{
+        "input": {
+            "values": []
+        },
+        "output": {
+            "Ok": {
+                "values": []
+            }
+        }
+    }]
+}
--- a/zokrates_stdlib/tests/tests/hashes/sha256/sha256Padded.zok
+++ b/zokrates_stdlib/tests/tests/hashes/sha256/sha256Padded.zok
@ -0,0 +1,36 @@
+import "hashes/sha256/sha256Padded.zok"
+
+// NIST FIPS 180-2 Test Vectors, section "Secure Hashing" - SHA-256
+// https://csrc.nist.gov/projects/cryptographic-standards-and-guidelines/example-values
+// https://csrc.nist.gov/csrc/media/publications/fips/180/2/archive/2002-08-01/documents/fips180-2.pdf
+
+def main():
+    // abc
+    u8[3] v1 = [0x61, 0x62, 0x63]
+    u32[8] h1 = sha256Padded(v1)
+    assert(h1 == [0xba7816bf, 0x8f01cfea, 0x414140de, 0x5dae2223, 0xb00361a3, 0x96177a9c, 0xb410ff61, 0xf20015ad])
+
+    // abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq
+    u8[56] v2 = [
+        0x61, 0x62, 0x63, 0x64, 0x62, 0x63, 0x64, 0x65, 0x63, 0x64, 0x65, 0x66, 0x64, 0x65, 0x66, 0x67, 0x65,
+        0x66, 0x67, 0x68, 0x66, 0x67, 0x68, 0x69, 0x67, 0x68, 0x69, 0x6a, 0x68, 0x69, 0x6a, 0x6b, 0x69, 0x6a,
+        0x6b, 0x6c, 0x6a, 0x6b, 0x6c, 0x6d, 0x6b, 0x6c, 0x6d, 0x6e, 0x6c, 0x6d, 0x6e, 0x6f, 0x6d, 0x6e, 0x6f,
+        0x70, 0x6e, 0x6f, 0x70, 0x71
+    ]
+    u32[8] h2 = sha256Padded(v2)
+    assert(h2 == [0x248d6a61, 0xd20638b8, 0xe5c02693, 0x0c3e6039, 0xa33ce459, 0x64ff2167, 0xf6ecedd4, 0x19db06c1])
+
+    // abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu
+    u8[112] v3 = [
+        0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x63,
+        0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x65, 0x66,
+        0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x67, 0x68, 0x69,
+        0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x69, 0x6a, 0x6b, 0x6c,
+        0x6d, 0x6e, 0x6f, 0x70, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+        0x70, 0x71, 0x72, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72,
+        0x73, 0x74, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75
+    ]
+    u32[8] h3 = sha256Padded(v3)
+    assert(h3 == [0xcf5b16a7, 0x78af8380, 0x036ce59e, 0x7b049237, 0x0b249b11, 0xe8f07a51, 0xafac4503, 0x7afee9d1])
+
+    return
				`@ -0,0 +1 @@`
				`Add sha256 with padding for arbitrary input size to stdlib`