github-mig/ZoKrates
github-mig/ZoKrates
1
0
Fork 0
mirror of synced 2025-09-23 12:18:44 +00:00
Code Issues Projects Releases Wiki Activity

refactor keccak implementation, fix padding issue

Browse source
This commit is contained in:
dark64 2022-08-02 14:52:05 +02:00
parent 53b62f568b
commit d96dc7e62d
20 changed files with 344 additions and 153 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
zokrates_stdlib/stdlib/hashes/keccak/224bit.zok Normal file
View file

@ -0,0 +1,5 @@
from "hashes/keccak/keccak" import main as keccak;
def main<N>(u8[N] input) -> u8[28] {
return keccak::<_, 28>(input, 0x01);
}

10
zokrates_stdlib/stdlib/hashes/keccak/256bit.zok
View file

@ -1,9 +1,5 @@
from "hashes/keccak/keccak" import keccak, main as keccak_u8;
from "hashes/keccak/keccak" import main as keccak;
def keccak256<N>(u8[N] input) -> u64[4] {
return keccak_u8::<_, 256>(input, 0x0000000000000001)[..4];
}
def main<N>(u64[N] input) -> u64[4] {
return keccak::<_, 256>(input, 0x0000000000000001)[..4];
def main<N>(u8[N] input) -> u8[32] {
return keccak::<_, 32>(input, 0x01);
}

10
zokrates_stdlib/stdlib/hashes/keccak/384bit.zok
View file

@ -1,9 +1,5 @@
from "hashes/keccak/keccak" import keccak, main as keccak_u8;
from "hashes/keccak/keccak" import main as keccak;
def keccak384<N>(u8[N] input) -> u64[6] {
return keccak_u8::<_, 384>(input, 0x0000000000000001)[..6];
}
def main<N>(u64[N] input) -> u64[6] {
return keccak::<_, 384>(input, 0x0000000000000001)[..6];
def main<N>(u8[N] input) -> u8[48] {
return keccak::<_, 48>(input, 0x01);
}

10
zokrates_stdlib/stdlib/hashes/keccak/512bit.zok
View file

@ -1,9 +1,5 @@
from "hashes/keccak/keccak" import keccak, main as keccak_u8;
from "hashes/keccak/keccak" import main as keccak;
def keccak512<N>(u8[N] input) -> u64[8] {
return keccak_u8::<_, 512>(input, 0x0000000000000001)[..8];
}
def main<N>(u64[N] input) -> u64[8] {
return keccak::<_, 512>(input, 0x0000000000000001)[..8];
def main<N>(u8[N] input) -> u8[64] {
return keccak::<_, 64>(input, 0x01);
}

124
zokrates_stdlib/stdlib/hashes/keccak/keccak.zok
View file

@ -1,8 +1,10 @@
// https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf
// based on keccak-f[1600] permutation
import "utils/casts/u64_from_bits";
import "utils/casts/u8_to_bits";
import "utils/casts/u8_from_bits";
import "utils/casts/u64_to_bits";
import "utils/casts/u64_from_bits";
const u32[24] RHO = [
1, 3, 6, 10, 15, 21, 28, 36, 45, 55, 2, 14,
@ -10,19 +12,19 @@ const u32[24] RHO = [
];
const u32[24] PI = [
10, 7, 11, 17, 18, 3, 5, 16, 8, 21, 24, 4,
15, 23, 19, 13, 12, 2, 20, 14, 22, 9, 6, 1
10, 7, 11, 17, 18, 3, 5, 16, 8, 21, 24, 4,
15, 23, 19, 13, 12, 2, 20, 14, 22, 9, 6, 1
];
const u64[24] RC = [
0x0000000000000001, 0x0000000000008082, 0x800000000000808a,
0x8000000080008000, 0x000000000000808b, 0x0000000080000001,
0x8000000080008081, 0x8000000000008009, 0x000000000000008a,
0x0000000000000088, 0x0000000080008009, 0x000000008000000a,
0x000000008000808b, 0x800000000000008b, 0x8000000000008089,
0x8000000000008003, 0x8000000000008002, 0x8000000000000080,
0x000000000000800a, 0x800000008000000a, 0x8000000080008081,
0x8000000000008080, 0x0000000080000001, 0x8000000080008008
0x0000000000000001, 0x0000000000008082, 0x800000000000808a,
0x8000000080008000, 0x000000000000808b, 0x0000000080000001,
0x8000000080008081, 0x8000000000008009, 0x000000000000008a,
0x0000000000000088, 0x0000000080008009, 0x000000008000000a,
0x000000008000808b, 0x800000000000008b, 0x8000000000008089,
0x8000000000008003, 0x8000000000008002, 0x8000000000000080,
0x000000000000800a, 0x800000008000000a, 0x8000000080008081,
0x8000000000008080, 0x0000000080000001, 0x8000000080008008
];
// left rotation
@ -42,6 +44,10 @@ def keccakf(u64[25] mut st) -> u64[25] {
u64[5] mut bc = [0; 5];
u64 mut t = 0;
for u32 i in 0..25 {
st[i] = swap_u64(st[i]);
}
for u32 r in 0..24 {
// theta
for u32 i in 0..5 {
@ -79,42 +85,15 @@ def keccakf(u64[25] mut st) -> u64[25] {
// iota
st[0] = st[0] ^ RC[r];
}
for u32 i in 0..25 {
st[i] = swap_u64(st[i]);
}
return st;
}
def keccak<N, W>(u64[N] mut input, u64 pad) -> u64[25] {
u64[25] mut q = [0; 25];
u32 rate = (200 - (W / 4)) / 8;
u32 mut pt = 0;
// change endianness of inputs from big endian to little endian
for u32 i in 0..N {
input[i] = swap_u64(input[i]);
}
// update
for u32 i in 0..N {
q[pt] = q[pt] ^ input[i];
pt = (pt + 1) % rate;
q = pt == 0 ? keccakf(q) : q;
}
pt = (pad & 0x00000000000000ff) != 0 ? pt : pt - 1;
// finalize
q[pt] = q[pt] ^ pad;
q[rate - 1] = q[rate - 1] ^ 0x8000000000000000;
q = keccakf(q);
// change endianness of output from little endian to big endian
for u32 i in 0..W/64 {
q[i] = swap_u64(q[i]);
}
return q;
}
def u8_array_to_u64(u8[8] input) -> u64 {
def u64_from_u8_array(u8[8] input) -> u64 {
bool[64] bits = [
...u8_to_bits(input[0]),
...u8_to_bits(input[1]),
@ -128,18 +107,55 @@ def u8_array_to_u64(u8[8] input) -> u64 {
return u64_from_bits(bits);
}
def main<N, W>(u8[N] input, u64 pad) -> u64[25] {
u32 L = N / 8;
u32 R = L * 8 == N ? 0 : 1;
u32 len = L + R;
def u64_to_u8_array(u64 input) -> u8[8] {
bool[64] bits = u64_to_bits(input);
return [
u8_from_bits(bits[0..8]),
u8_from_bits(bits[8..16]),
u8_from_bits(bits[16..24]),
u8_from_bits(bits[24..32]),
u8_from_bits(bits[32..40]),
u8_from_bits(bits[40..48]),
u8_from_bits(bits[48..56]),
u8_from_bits(bits[56..64])
];
}
u8[len * 8] padded = [...input, ...[0; len * 8 - N]];
u64[len] mut input_u64 = [0; len];
def to_bytes(u64[25] input) -> u8[200] {
u8[200] mut output = [0; 200];
for u32 i in 0..25 {
u8[8] t = u64_to_u8_array(input[i]);
for u32 j in 0..8 {
output[i * 8 + j] = t[j];
}
}
return output;
}
for u32 i in 0..len {
u32 j = i * 8;
input_u64[i] = u8_array_to_u64(padded[j..j+8]);
def from_bytes(u8[200] input) -> u64[25] {
u64[25] mut output = [0; 25];
for u32 i in 0..25 {
output[i] = u64_from_u8_array(input[i*8..i*8+8]);
}
return output;
}
def main<N, W>(u8[N] mut input, u8 delim) -> u8[W] {
u8[200] mut b = [0; 200];
u32 rate = 200 - (2 * W);
u32 mut pt = 0;
// update
for u32 i in 0..N {
b[pt] = b[pt] ^ input[i];
pt = (pt + 1) % rate;
b = pt == 0 ? to_bytes(keccakf(from_bytes(b))) : b;
}
return keccak::<_, W>(input_u64, pad << ((N % 8) * 8));
// finalize
b[pt] = b[pt] ^ delim;
b[rate - 1] = b[rate - 1] ^ 0x80;
b = to_bytes(keccakf(from_bytes(b)));
return b[..W];
}

5
zokrates_stdlib/stdlib/hashes/sha3/224bit.zok Normal file
View file

@ -0,0 +1,5 @@
from "hashes/keccak/keccak" import main as keccak;
def main<N>(u8[N] input) -> u8[28] {
return keccak::<_, 28>(input, 0x06);
}

10
zokrates_stdlib/stdlib/hashes/sha3/256bit.zok
View file

@ -1,9 +1,5 @@
from "hashes/keccak/keccak" import keccak, main as keccak_u8;
from "hashes/keccak/keccak" import main as keccak;
def sha3_256<N>(u8[N] input) -> u64[4] {
return keccak_u8::<_, 256>(input, 0x0000000000000006)[..4];
}
def main<N>(u64[N] input) -> u64[4] {
return keccak::<_, 256>(input, 0x0000000000000006)[..4];
def main<N>(u8[N] input) -> u8[32] {
return keccak::<_, 32>(input, 0x06);
}

10
zokrates_stdlib/stdlib/hashes/sha3/384bit.zok
View file

@ -1,9 +1,5 @@
from "hashes/keccak/keccak" import keccak, main as keccak_u8;
from "hashes/keccak/keccak" import main as keccak;
def sha3_384<N>(u8[N] input) -> u64[6] {
return keccak_u8::<_, 384>(input, 0x0000000000000006)[..6];
}
def main<N>(u64[N] input) -> u64[6] {
return keccak::<_, 384>(input, 0x0000000000000006)[..6];
def main<N>(u8[N] input) -> u8[48] {
return keccak::<_, 48>(input, 0x06);
}

10
zokrates_stdlib/stdlib/hashes/sha3/512bit.zok
View file

@ -1,9 +1,5 @@
from "hashes/keccak/keccak" import keccak, main as keccak_u8;
from "hashes/keccak/keccak" import main as keccak;
def sha3_512<N>(u8[N] input) -> u64[8] {
return keccak_u8::<_, 512>(input, 0x0000000000000006)[..8];
}
def main<N>(u64[N] input) -> u64[8] {
return keccak::<_, 512>(input, 0x0000000000000006)[..8];
def main<N>(u8[N] input) -> u8[64] {
return keccak::<_, 64>(input, 0x06);
}

15
zokrates_stdlib/tests/tests/hashes/keccak/224bit.json Normal file
View file

@ -0,0 +1,15 @@
{
"entry_point": "./tests/tests/hashes/keccak/224bit.zok",
"tests": [
{
"input": {
"values": []
},
"output": {
"Ok": {
"value": []
}
}
}
]
}

47
zokrates_stdlib/tests/tests/hashes/keccak/224bit.zok Normal file
View file

@ -0,0 +1,47 @@
import "hashes/keccak/224bit" as keccak224;
def main() {
// Python:
// >>> from Crypto.Hash import keccak
// >>> digest = keccak.new(digest_bits=224)
// >>> digest.update(b'\x2a')
// >>> digest.hexdigest()
// '69d40b3f7b3118a1fb193b518a70f279348e4f0835553f37d85f436a'
u8[28] h1 = keccak224::<1>([0x2a]);
assert(h1 == [
0x69, 0xd4, 0x0b, 0x3f, 0x7b, 0x31, 0x18, 0xa1, 0xfb, 0x19, 0x3b, 0x51, 0x8a, 0x70,
0xf2, 0x79, 0x34, 0x8e, 0x4f, 0x08, 0x35, 0x55, 0x3f, 0x37, 0xd8, 0x5f, 0x43, 0x6a
]);
// Python:
// >>> from Crypto.Hash import keccak
// >>> digest = keccak.new(digest_bits=224)
// >>> digest.update(b'\x2a' * 8)
// >>> digest.hexdigest()
// '463b45a39816aeba7c62a75aed7acaaf11f7646217512a2f992ddce0'
u8[28] h2 = keccak224::<8>([0x2a; 8]);
assert(h2 == [
0x46, 0x3b, 0x45, 0xa3, 0x98, 0x16, 0xae, 0xba, 0x7c, 0x62, 0xa7, 0x5a, 0xed, 0x7a,
0xca, 0xaf, 0x11, 0xf7, 0x64, 0x62, 0x17, 0x51, 0x2a, 0x2f, 0x99, 0x2d, 0xdc, 0xe0
]);
// Python:
// >>> from Crypto.Hash import keccak
// >>> input = "hello world".encode()
// >>> input.hex()
// '68656c6c6f20776f726c64'
// >>> digest = keccak.new(digest_bits=224)
// >>> digest.update(input)
// >>> digest.hexdigest()
// '25f3ecfebabe99686282f57f5c9e1f18244cfee2813d33f955aae568'
u8[28] h3 = keccak224::<11>([0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, 0x72, 0x6c, 0x64]);
assert(h3 == [
0x25, 0xf3, 0xec, 0xfe, 0xba, 0xbe, 0x99, 0x68, 0x62, 0x82, 0xf5, 0x7f, 0x5c, 0x9e,
0x1f, 0x18, 0x24, 0x4c, 0xfe, 0xe2, 0x81, 0x3d, 0x33, 0xf9, 0x55, 0xaa, 0xe5, 0x68
]);
return;
}

23
zokrates_stdlib/tests/tests/hashes/keccak/256bit.zok
View file

@ -1,4 +1,4 @@
from "hashes/keccak/256bit" import keccak256;
import "hashes/keccak/256bit" as keccak256;
def main() {
// Python:
@ -8,8 +8,11 @@ def main() {
// >>> digest.hexdigest()
// '04994f67dc55b09e814ab7ffc8df3686b4afb2bb53e60eae97ef043fe03fb829'
u64[4] h1 = keccak256::<1>([0x2a]);
assert(h1 == [0x04994f67dc55b09e, 0x814ab7ffc8df3686, 0xb4afb2bb53e60eae, 0x97ef043fe03fb829]);
u8[32] h1 = keccak256::<1>([0x2a]);
assert(h1 == [
0x04, 0x99, 0x4f, 0x67, 0xdc, 0x55, 0xb0, 0x9e, 0x81, 0x4a, 0xb7, 0xff, 0xc8, 0xdf, 0x36, 0x86,
0xb4, 0xaf, 0xb2, 0xbb, 0x53, 0xe6, 0x0e, 0xae, 0x97, 0xef, 0x04, 0x3f, 0xe0, 0x3f, 0xb8, 0x29
]);
// Python:
// >>> from Crypto.Hash import keccak
@ -18,8 +21,11 @@ def main() {
// >>> digest.hexdigest()
// '4d57ecea94f7735c23ae7c02845a500a815c21fc6d6046d2d7d518fad6bebf89'
u64[4] h2 = keccak256::<8>([0x2a; 8]);
assert(h2 == [0x4d57ecea94f7735c, 0x23ae7c02845a500a, 0x815c21fc6d6046d2, 0xd7d518fad6bebf89]);
u8[32] h2 = keccak256::<8>([0x2a; 8]);
assert(h2 == [
0x4d, 0x57, 0xec, 0xea, 0x94, 0xf7, 0x73, 0x5c, 0x23, 0xae, 0x7c, 0x02, 0x84, 0x5a, 0x50, 0x0a,
0x81, 0x5c, 0x21, 0xfc, 0x6d, 0x60, 0x46, 0xd2, 0xd7, 0xd5, 0x18, 0xfa, 0xd6, 0xbe, 0xbf, 0x89
]);
// Python:
// >>> from Crypto.Hash import keccak
@ -31,8 +37,11 @@ def main() {
// >>> digest.hexdigest()
// '47173285a8d7341e5e972fc677286384f802f8ef42a5ec5f03bbfa254cb01fad'
u64[4] h3 = keccak256::<11>([0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, 0x72, 0x6c, 0x64]);
assert(h3 == [0x47173285a8d7341e, 0x5e972fc677286384, 0xf802f8ef42a5ec5f, 0x03bbfa254cb01fad]);
u8[32] h3 = keccak256::<11>([0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, 0x72, 0x6c, 0x64]);
assert(h3 == [
0x47, 0x17, 0x32, 0x85, 0xa8, 0xd7, 0x34, 0x1e, 0x5e, 0x97, 0x2f, 0xc6, 0x77, 0x28, 0x63, 0x84,
0xf8, 0x02, 0xf8, 0xef, 0x42, 0xa5, 0xec, 0x5f, 0x03, 0xbb, 0xfa, 0x25, 0x4c, 0xb0, 0x1f, 0xad
]);
return;
}

23
zokrates_stdlib/tests/tests/hashes/keccak/384bit.zok
View file

@ -1,4 +1,4 @@
from "hashes/keccak/384bit" import keccak384;
import "hashes/keccak/384bit" as keccak384;
def main() {
// Python:
@ -8,10 +8,11 @@ def main() {
// >>> digest.hexdigest()
// '53403c11270822eebdccc9aca81e0582996de74333909598a4e4c409967fb9da14a1506264996c855eb5d9a42fd21a08'
u64[6] h1 = keccak384::<1>([0x2a]);
u8[48] h1 = keccak384::<1>([0x2a]);
assert(h1 == [
0x53403c11270822ee, 0xbdccc9aca81e0582, 0x996de74333909598,
0xa4e4c409967fb9da, 0x14a1506264996c85, 0x5eb5d9a42fd21a08
0x53, 0x40, 0x3c, 0x11, 0x27, 0x08, 0x22, 0xee, 0xbd, 0xcc, 0xc9, 0xac, 0xa8, 0x1e, 0x05, 0x82,
0x99, 0x6d, 0xe7, 0x43, 0x33, 0x90, 0x95, 0x98, 0xa4, 0xe4, 0xc4, 0x09, 0x96, 0x7f, 0xb9, 0xda,
0x14, 0xa1, 0x50, 0x62, 0x64, 0x99, 0x6c, 0x85, 0x5e, 0xb5, 0xd9, 0xa4, 0x2f, 0xd2, 0x1a, 0x08
]);
// Python:
@ -21,10 +22,11 @@ def main() {
// >>> digest.hexdigest()
// 'ec7216058c28201daeb6fd1599b81fdbd40e229b31bea3b6b3190f21db81b01baf3d000e40801ab59551133efbac6cce'
u64[6] h2 = keccak384::<8>([0x2a; 8]);
u8[48] h2 = keccak384::<8>([0x2a; 8]);
assert(h2 == [
0xec7216058c28201d, 0xaeb6fd1599b81fdb, 0xd40e229b31bea3b6,
0xb3190f21db81b01b, 0xaf3d000e40801ab5, 0x9551133efbac6cce
0xec, 0x72, 0x16, 0x05, 0x8c, 0x28, 0x20, 0x1d, 0xae, 0xb6, 0xfd, 0x15, 0x99, 0xb8, 0x1f, 0xdb,
0xd4, 0x0e, 0x22, 0x9b, 0x31, 0xbe, 0xa3, 0xb6, 0xb3, 0x19, 0x0f, 0x21, 0xdb, 0x81, 0xb0, 0x1b,
0xaf, 0x3d, 0x00, 0x0e, 0x40, 0x80, 0x1a, 0xb5, 0x95, 0x51, 0x13, 0x3e, 0xfb, 0xac, 0x6c, 0xce
]);
// Python:
@ -37,10 +39,11 @@ def main() {
// >>> digest.hexdigest()
// '65fc99339a2a40e99d3c40d695b22f278853ca0f925cde4254bcae5e22ece47e6441f91b6568425adc9d95b0072eb49f'
u64[6] h3 = keccak384::<11>([0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, 0x72, 0x6c, 0x64]);
u8[48] h3 = keccak384::<11>([0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, 0x72, 0x6c, 0x64]);
assert(h3 == [
0x65fc99339a2a40e9, 0x9d3c40d695b22f27, 0x8853ca0f925cde42,
0x54bcae5e22ece47e, 0x6441f91b6568425a, 0xdc9d95b0072eb49f
0x65, 0xfc, 0x99, 0x33, 0x9a, 0x2a, 0x40, 0xe9, 0x9d, 0x3c, 0x40, 0xd6, 0x95, 0xb2, 0x2f, 0x27,
0x88, 0x53, 0xca, 0x0f, 0x92, 0x5c, 0xde, 0x42, 0x54, 0xbc, 0xae, 0x5e, 0x22, 0xec, 0xe4, 0x7e,
0x64, 0x41, 0xf9, 0x1b, 0x65, 0x68, 0x42, 0x5a, 0xdc, 0x9d, 0x95, 0xb0, 0x07, 0x2e, 0xb4, 0x9f
]);
return;
}

26
zokrates_stdlib/tests/tests/hashes/keccak/512bit.zok
View file

@ -1,4 +1,4 @@
from "hashes/keccak/512bit" import keccak512;
import "hashes/keccak/512bit" as keccak512;
def main() {
// Python:
@ -8,10 +8,12 @@ def main() {
// >>> digest.hexdigest()
// 'a470459552991801eca017c8bfeedb376469c9b642a2cca455a3271c5751ad3be53d9f4ddce99613515e954bd3d80d218a2f43f953141ec6bdcaf7ba4a4bad67'
u64[8] h1 = keccak512::<1>([0x2a]);
u8[64] h1 = keccak512::<1>([0x2a]);
assert(h1 == [
0xa470459552991801, 0xeca017c8bfeedb37, 0x6469c9b642a2cca4, 0x55a3271c5751ad3b,
0xe53d9f4ddce99613, 0x515e954bd3d80d21, 0x8a2f43f953141ec6, 0xbdcaf7ba4a4bad67
0xa4, 0x70, 0x45, 0x95, 0x52, 0x99, 0x18, 0x01, 0xec, 0xa0, 0x17, 0xc8, 0xbf, 0xee, 0xdb, 0x37,
0x64, 0x69, 0xc9, 0xb6, 0x42, 0xa2, 0xcc, 0xa4, 0x55, 0xa3, 0x27, 0x1c, 0x57, 0x51, 0xad, 0x3b,
0xe5, 0x3d, 0x9f, 0x4d, 0xdc, 0xe9, 0x96, 0x13, 0x51, 0x5e, 0x95, 0x4b, 0xd3, 0xd8, 0x0d, 0x21,
0x8a, 0x2f, 0x43, 0xf9, 0x53, 0x14, 0x1e, 0xc6, 0xbd, 0xca, 0xf7, 0xba, 0x4a, 0x4b, 0xad, 0x67
]);
// Python:
@ -21,10 +23,12 @@ def main() {
// >>> digest.hexdigest()
// '91e7b4ca7569fb43a180354878bcd807578e207c0dec866d7bc7569d86996a86bce7bd05ab32138797693e76882475a819352919cd81585110e5dfb1c8710337'
u64[8] h2 = keccak512::<8>([0x2a; 8]);
u8[64] h2 = keccak512::<8>([0x2a; 8]);
assert(h2 == [
0x91e7b4ca7569fb43, 0xa180354878bcd807, 0x578e207c0dec866d, 0x7bc7569d86996a86,
0xbce7bd05ab321387, 0x97693e76882475a8, 0x19352919cd815851, 0x10e5dfb1c8710337
0x91, 0xe7, 0xb4, 0xca, 0x75, 0x69, 0xfb, 0x43, 0xa1, 0x80, 0x35, 0x48, 0x78, 0xbc, 0xd8, 0x07,
0x57, 0x8e, 0x20, 0x7c, 0x0d, 0xec, 0x86, 0x6d, 0x7b, 0xc7, 0x56, 0x9d, 0x86, 0x99, 0x6a, 0x86,
0xbc, 0xe7, 0xbd, 0x05, 0xab, 0x32, 0x13, 0x87, 0x97, 0x69, 0x3e, 0x76, 0x88, 0x24, 0x75, 0xa8,
0x19, 0x35, 0x29, 0x19, 0xcd, 0x81, 0x58, 0x51, 0x10, 0xe5, 0xdf, 0xb1, 0xc8, 0x71, 0x03, 0x37
]);
// Python:
@ -37,10 +41,12 @@ def main() {
// >>> digest.hexdigest()
// '3ee2b40047b8060f68c67242175660f4174d0af5c01d47168ec20ed619b0b7c42181f40aa1046f39e2ef9efc6910782a998e0013d172458957957fac9405b67d'
u64[8] h3 = keccak512::<11>([0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, 0x72, 0x6c, 0x64]);
u8[64] h3 = keccak512::<11>([0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, 0x72, 0x6c, 0x64]);
assert(h3 == [
0x3ee2b40047b8060f, 0x68c67242175660f4, 0x174d0af5c01d4716, 0x8ec20ed619b0b7c4,
0x2181f40aa1046f39, 0xe2ef9efc6910782a, 0x998e0013d1724589, 0x57957fac9405b67d
0x3e, 0xe2, 0xb4, 0x00, 0x47, 0xb8, 0x06, 0x0f, 0x68, 0xc6, 0x72, 0x42, 0x17, 0x56, 0x60, 0xf4,
0x17, 0x4d, 0x0a, 0xf5, 0xc0, 0x1d, 0x47, 0x16, 0x8e, 0xc2, 0x0e, 0xd6, 0x19, 0xb0, 0xb7, 0xc4,
0x21, 0x81, 0xf4, 0x0a, 0xa1, 0x04, 0x6f, 0x39, 0xe2, 0xef, 0x9e, 0xfc, 0x69, 0x10, 0x78, 0x2a,
0x99, 0x8e, 0x00, 0x13, 0xd1, 0x72, 0x45, 0x89, 0x57, 0x95, 0x7f, 0xac, 0x94, 0x05, 0xb6, 0x7d
]);
return;
}

35
zokrates_stdlib/tests/tests/hashes/keccak/keccak.zok
View file

@ -1,4 +1,4 @@
from "hashes/keccak/keccak" import keccak;
import "hashes/keccak/keccak";
def main() {
// Python:
@ -8,8 +8,37 @@ def main() {
// >>> digest.hexdigest()
// 'ca85d1976d40dcb6ca3becc8c6596e83c0774f4185cf016a05834f5856a37f39'
u64[4] h = keccak::<1, 256>([0x7a6f6b7261746573], 0x0000000000000001)[..4];
assert(h == [0xca85d1976d40dcb6, 0xca3becc8c6596e83, 0xc0774f4185cf016a, 0x05834f5856a37f39]);
u8[32] h1 = keccak::<_, 32>([0x7a, 0x6f, 0x6b, 0x72, 0x61, 0x74, 0x65, 0x73], 0x01);
assert(h1 == [
0xca, 0x85, 0xd1, 0x97, 0x6d, 0x40, 0xdc, 0xb6, 0xca, 0x3b, 0xec, 0xc8, 0xc6, 0x59, 0x6e, 0x83,
0xc0, 0x77, 0x4f, 0x41, 0x85, 0xcf, 0x01, 0x6a, 0x05, 0x83, 0x4f, 0x58, 0x56, 0xa3, 0x7f, 0x39
]);
// Python:
// >>> from Crypto.Hash import keccak
// >>> digest = keccak.new(digest_bits=256)
// >>> digest.update(b'\x2a' * 135)
// >>> digest.hexdigest()
// '723e2ae02ca8d8fb45dca21e5f6369c4f124da72f217dca5e657a4bbc69b917d'
u8[32] h2 = keccak::<_, 32>([0x2a; 135], 0x01);
assert(h2 == [
0x72, 0x3e, 0x2a, 0xe0, 0x2c, 0xa8, 0xd8, 0xfb, 0x45, 0xdc, 0xa2, 0x1e, 0x5f, 0x63, 0x69, 0xc4,
0xf1, 0x24, 0xda, 0x72, 0xf2, 0x17, 0xdc, 0xa5, 0xe6, 0x57, 0xa4, 0xbb, 0xc6, 0x9b, 0x91, 0x7d
]);
// Python:
// >>> from Crypto.Hash import keccak
// >>> digest = keccak.new(digest_bits=256)
// >>> digest.update(b'\x2a' * 136)
// >>> digest.hexdigest()
// 'e60d5160227cb1b8dc8547deb9c6a2c5e6c3306a1ca155611a73ed2c2324bfc0'
u8[32] h3 = keccak::<_, 32>([0x2a; 136], 0x01);
assert(h3 == [
0xe6, 0x0d, 0x51, 0x60, 0x22, 0x7c, 0xb1, 0xb8, 0xdc, 0x85, 0x47, 0xde, 0xb9, 0xc6, 0xa2, 0xc5,
0xe6, 0xc3, 0x30, 0x6a, 0x1c, 0xa1, 0x55, 0x61, 0x1a, 0x73, 0xed, 0x2c, 0x23, 0x24, 0xbf, 0xc0
]);
return;
}

15
zokrates_stdlib/tests/tests/hashes/sha3/224bit.json Normal file
View file

@ -0,0 +1,15 @@
{
"entry_point": "./tests/tests/hashes/sha3/224bit.zok",
"tests": [
{
"input": {
"values": []
},
"output": {
"Ok": {
"value": []
}
}
}
]
}

47
zokrates_stdlib/tests/tests/hashes/sha3/224bit.zok Normal file
View file

@ -0,0 +1,47 @@
import "hashes/sha3/224bit" as sha3_224;
def main() {
// Python:
// >>> from Crypto.Hash import SHA3_224
// >>> digest = SHA3_224.new()
// >>> digest.update(b'\x2a')
// >>> digest.hexdigest()
// 'b588579919b3947381b5d6260797296695f30ef82b5a204ec00840e5'
u8[28] h1 = sha3_224::<1>([0x2a]);
assert(h1 == [
0xb5, 0x88, 0x57, 0x99, 0x19, 0xb3, 0x94, 0x73, 0x81, 0xb5, 0xd6, 0x26, 0x07, 0x97,
0x29, 0x66, 0x95, 0xf3, 0x0e, 0xf8, 0x2b, 0x5a, 0x20, 0x4e, 0xc0, 0x08, 0x40, 0xe5
]);
// Python:
// >>> from Crypto.Hash import SHA3_224
// >>> digest = SHA3_224.new()
// >>> digest.update(b'\x2a' * 8)
// >>> digest.hexdigest()
// 'e6005b22af6b0f068cf6b158a607ad5ca1b21ca85f2470e6af4b4ca0'
u8[28] h2 = sha3_224::<8>([0x2a; 8]);
assert(h2 == [
0xe6, 0x00, 0x5b, 0x22, 0xaf, 0x6b, 0x0f, 0x06, 0x8c, 0xf6, 0xb1, 0x58, 0xa6, 0x07,
0xad, 0x5c, 0xa1, 0xb2, 0x1c, 0xa8, 0x5f, 0x24, 0x70, 0xe6, 0xaf, 0x4b, 0x4c, 0xa0
]);
// Python:
// >>> from Crypto.Hash import SHA3_224
// >>> input = "hello world".encode()
// >>> input.hex()
// '68656c6c6f20776f726c64'
// >>> digest = SHA3_224.new()
// >>> digest.update(input)
// >>> digest.hexdigest()
// 'dfb7f18c77e928bb56faeb2da27291bd790bc1045cde45f3210bb6c5'
u8[28] h3 = sha3_224::<11>([0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, 0x72, 0x6c, 0x64]);
assert(h3 == [
0xdf, 0xb7, 0xf1, 0x8c, 0x77, 0xe9, 0x28, 0xbb, 0x56, 0xfa, 0xeb, 0x2d, 0xa2, 0x72,
0x91, 0xbd, 0x79, 0x0b, 0xc1, 0x04, 0x5c, 0xde, 0x45, 0xf3, 0x21, 0x0b, 0xb6, 0xc5
]);
return;
}

23
zokrates_stdlib/tests/tests/hashes/sha3/256bit.zok
View file

@ -1,4 +1,4 @@
from "hashes/sha3/256bit" import sha3_256;
import "hashes/sha3/256bit" as sha3_256;
def main() {
// Python:
@ -8,8 +8,11 @@ def main() {
// >>> digest.hexdigest()
// '82283b4b030589a7aa0ca28b8e933ac0bd89738a0df509806c864366deec31d7'
u64[4] h1 = sha3_256::<1>([0x2a]);
assert(h1 == [0x82283b4b030589a7, 0xaa0ca28b8e933ac0, 0xbd89738a0df50980, 0x6c864366deec31d7]);
u8[32] h1 = sha3_256::<1>([0x2a]);
assert(h1 == [
0x82, 0x28, 0x3b, 0x4b, 0x03, 0x05, 0x89, 0xa7, 0xaa, 0x0c, 0xa2, 0x8b, 0x8e, 0x93, 0x3a, 0xc0,
0xbd, 0x89, 0x73, 0x8a, 0x0d, 0xf5, 0x09, 0x80, 0x6c, 0x86, 0x43, 0x66, 0xde, 0xec, 0x31, 0xd7
]);
// Python:
// >>> from Crypto.Hash import SHA3_256
@ -18,8 +21,11 @@ def main() {
// >>> digest.hexdigest()
// '02794645c5d54624a86e237cda0cbe980075f3908ccb00fd67befd2a0bbe0b35'
u64[4] h2 = sha3_256::<8>([0x2a; 8]);
assert(h2 == [0x02794645c5d54624, 0xa86e237cda0cbe98, 0x0075f3908ccb00fd, 0x67befd2a0bbe0b35]);
u8[32] h2 = sha3_256::<8>([0x2a; 8]);
assert(h2 == [
0x02, 0x79, 0x46, 0x45, 0xc5, 0xd5, 0x46, 0x24, 0xa8, 0x6e, 0x23, 0x7c, 0xda, 0x0c, 0xbe, 0x98,
0x00, 0x75, 0xf3, 0x90, 0x8c, 0xcb, 0x00, 0xfd, 0x67, 0xbe, 0xfd, 0x2a, 0x0b, 0xbe, 0x0b, 0x35
]);
// Python:
// >>> from Crypto.Hash import SHA3_256
@ -31,8 +37,11 @@ def main() {
// >>> digest.hexdigest()
// '644bcc7e564373040999aac89e7622f3ca71fba1d972fd94a31c3bfbf24e3938'
u64[4] h3 = sha3_256::<11>([0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, 0x72, 0x6c, 0x64]);
assert(h3 == [0x644bcc7e56437304, 0x0999aac89e7622f3, 0xca71fba1d972fd94, 0xa31c3bfbf24e3938]);
u8[32] h3 = sha3_256::<11>([0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, 0x72, 0x6c, 0x64]);
assert(h3 == [
0x64, 0x4b, 0xcc, 0x7e, 0x56, 0x43, 0x73, 0x04, 0x09, 0x99, 0xaa, 0xc8, 0x9e, 0x76, 0x22, 0xf3,
0xca, 0x71, 0xfb, 0xa1, 0xd9, 0x72, 0xfd, 0x94, 0xa3, 0x1c, 0x3b, 0xfb, 0xf2, 0x4e, 0x39, 0x38
]);
return;
}

23
zokrates_stdlib/tests/tests/hashes/sha3/384bit.zok
View file

@ -1,4 +1,4 @@
from "hashes/sha3/384bit" import sha3_384;
import "hashes/sha3/384bit" as sha3_384;
def main() {
// Python:
@ -8,10 +8,11 @@ def main() {
// >>> digest.hexdigest()
// '386f0e977e65e7609217714a7cd450e145efbc645ad7c7c78d6c9f12b52cb4df22729b2330b7f5267bac9a5750d9130e'
u64[6] h1 = sha3_384::<1>([0x2a]);
u8[48] h1 = sha3_384::<1>([0x2a]);
assert(h1 == [
0x386f0e977e65e760, 0x9217714a7cd450e1, 0x45efbc645ad7c7c7,
0x8d6c9f12b52cb4df, 0x22729b2330b7f526, 0x7bac9a5750d9130e
0x38, 0x6f, 0x0e, 0x97, 0x7e, 0x65, 0xe7, 0x60, 0x92, 0x17, 0x71, 0x4a, 0x7c, 0xd4, 0x50, 0xe1,
0x45, 0xef, 0xbc, 0x64, 0x5a, 0xd7, 0xc7, 0xc7, 0x8d, 0x6c, 0x9f, 0x12, 0xb5, 0x2c, 0xb4, 0xdf,
0x22, 0x72, 0x9b, 0x23, 0x30, 0xb7, 0xf5, 0x26, 0x7b, 0xac, 0x9a, 0x57, 0x50, 0xd9, 0x13, 0x0e
]);
// Python:
@ -21,10 +22,11 @@ def main() {
// >>> digest.hexdigest()
// 'b5e5109aa62d1633ca3b4c8fcf90b71192b7ebbca1159a65546be6bea5a53f748c513f97556e86d3516b3f9384ff4380'
u64[6] h2 = sha3_384::<8>([0x2a; 8]);
u8[48] h2 = sha3_384::<8>([0x2a; 8]);
assert(h2 == [
0xb5e5109aa62d1633, 0xca3b4c8fcf90b711, 0x92b7ebbca1159a65,
0x546be6bea5a53f74, 0x8c513f97556e86d3, 0x516b3f9384ff4380
0xb5, 0xe5, 0x10, 0x9a, 0xa6, 0x2d, 0x16, 0x33, 0xca, 0x3b, 0x4c, 0x8f, 0xcf, 0x90, 0xb7, 0x11,
0x92, 0xb7, 0xeb, 0xbc, 0xa1, 0x15, 0x9a, 0x65, 0x54, 0x6b, 0xe6, 0xbe, 0xa5, 0xa5, 0x3f, 0x74,
0x8c, 0x51, 0x3f, 0x97, 0x55, 0x6e, 0x86, 0xd3, 0x51, 0x6b, 0x3f, 0x93, 0x84, 0xff, 0x43, 0x80
]);
// Python:
@ -37,10 +39,11 @@ def main() {
// >>> digest.hexdigest()
// '83bff28dde1b1bf5810071c6643c08e5b05bdb836effd70b403ea8ea0a634dc4997eb1053aa3593f590f9c63630dd90b'
u64[6] h3 = sha3_384::<11>([0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, 0x72, 0x6c, 0x64]);
u8[48] h3 = sha3_384::<11>([0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, 0x72, 0x6c, 0x64]);
assert(h3 == [
0x83bff28dde1b1bf5, 0x810071c6643c08e5, 0xb05bdb836effd70b,
0x403ea8ea0a634dc4, 0x997eb1053aa3593f, 0x590f9c63630dd90b
0x83, 0xbf, 0xf2, 0x8d, 0xde, 0x1b, 0x1b, 0xf5, 0x81, 0x00, 0x71, 0xc6, 0x64, 0x3c, 0x08, 0xe5,
0xb0, 0x5b, 0xdb, 0x83, 0x6e, 0xff, 0xd7, 0x0b, 0x40, 0x3e, 0xa8, 0xea, 0x0a, 0x63, 0x4d, 0xc4,
0x99, 0x7e, 0xb1, 0x05, 0x3a, 0xa3, 0x59, 0x3f, 0x59, 0x0f, 0x9c, 0x63, 0x63, 0x0d, 0xd9, 0x0b
]);
return;

26
zokrates_stdlib/tests/tests/hashes/sha3/512bit.zok
View file

@ -1,4 +1,4 @@
from "hashes/sha3/512bit" import sha3_512;
import "hashes/sha3/512bit" as sha3_512;
def main() {
// Python:
@ -8,10 +8,12 @@ def main() {
// >>> digest.hexdigest()
// '0f8e235b563113abb8a914eb6efc4a31280f1d2341920dfb88bdd20a00d7e47d601a353e5821142acf0dd9ec53bfe4bfe9a2a16f98933142e1c6938c8939b3a0'
u64[8] h1 = sha3_512::<1>([0x2a]);
u8[64] h1 = sha3_512::<1>([0x2a]);
assert(h1 == [
0x0f8e235b563113ab, 0xb8a914eb6efc4a31, 0x280f1d2341920dfb, 0x88bdd20a00d7e47d,
0x601a353e5821142a, 0xcf0dd9ec53bfe4bf, 0xe9a2a16f98933142, 0xe1c6938c8939b3a0
0x0f, 0x8e, 0x23, 0x5b, 0x56, 0x31, 0x13, 0xab, 0xb8, 0xa9, 0x14, 0xeb, 0x6e, 0xfc, 0x4a, 0x31,
0x28, 0x0f, 0x1d, 0x23, 0x41, 0x92, 0x0d, 0xfb, 0x88, 0xbd, 0xd2, 0x0a, 0x00, 0xd7, 0xe4, 0x7d,
0x60, 0x1a, 0x35, 0x3e, 0x58, 0x21, 0x14, 0x2a, 0xcf, 0x0d, 0xd9, 0xec, 0x53, 0xbf, 0xe4, 0xbf,
0xe9, 0xa2, 0xa1, 0x6f, 0x98, 0x93, 0x31, 0x42, 0xe1, 0xc6, 0x93, 0x8c, 0x89, 0x39, 0xb3, 0xa0
]);
// Python:
@ -21,10 +23,12 @@ def main() {
// >>> digest.hexdigest()
// '5e908c2962bcd38fddd1ae4ed4c44eb3396cad53eb36564881979435e18a8e71eda1cbea2fe0fc6ded0672756312b12f8dad38e7528af173ea10095a28cd5555'
u64[8] h2 = sha3_512::<8>([0x2a; 8]);
u8[64] h2 = sha3_512::<8>([0x2a; 8]);
assert(h2 == [
0x5e908c2962bcd38f, 0xddd1ae4ed4c44eb3, 0x396cad53eb365648, 0x81979435e18a8e71,
0xeda1cbea2fe0fc6d, 0xed0672756312b12f, 0x8dad38e7528af173, 0xea10095a28cd5555
0x5e, 0x90, 0x8c, 0x29, 0x62, 0xbc, 0xd3, 0x8f, 0xdd, 0xd1, 0xae, 0x4e, 0xd4, 0xc4, 0x4e, 0xb3,
0x39, 0x6c, 0xad, 0x53, 0xeb, 0x36, 0x56, 0x48, 0x81, 0x97, 0x94, 0x35, 0xe1, 0x8a, 0x8e, 0x71,
0xed, 0xa1, 0xcb, 0xea, 0x2f, 0xe0, 0xfc, 0x6d, 0xed, 0x06, 0x72, 0x75, 0x63, 0x12, 0xb1, 0x2f,
0x8d, 0xad, 0x38, 0xe7, 0x52, 0x8a, 0xf1, 0x73, 0xea, 0x10, 0x09, 0x5a, 0x28, 0xcd, 0x55, 0x55
]);
// Python:
@ -37,10 +41,12 @@ def main() {
// >>> digest.hexdigest()
// '840006653e9ac9e95117a15c915caab81662918e925de9e004f774ff82d7079a40d4d27b1b372657c61d46d470304c88c788b3a4527ad074d1dccbee5dbaa99a'
u64[8] h3 = sha3_512::<11>([0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, 0x72, 0x6c, 0x64]);
u8[64] h3 = sha3_512::<11>([0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, 0x72, 0x6c, 0x64]);
assert(h3 == [
0x840006653e9ac9e9, 0x5117a15c915caab8, 0x1662918e925de9e0, 0x04f774ff82d7079a,
0x40d4d27b1b372657, 0xc61d46d470304c88, 0xc788b3a4527ad074, 0xd1dccbee5dbaa99a
0x84, 0x00, 0x06, 0x65, 0x3e, 0x9a, 0xc9, 0xe9, 0x51, 0x17, 0xa1, 0x5c, 0x91, 0x5c, 0xaa, 0xb8,
0x16, 0x62, 0x91, 0x8e, 0x92, 0x5d, 0xe9, 0xe0, 0x04, 0xf7, 0x74, 0xff, 0x82, 0xd7, 0x07, 0x9a,
0x40, 0xd4, 0xd2, 0x7b, 0x1b, 0x37, 0x26, 0x57, 0xc6, 0x1d, 0x46, 0xd4, 0x70, 0x30, 0x4c, 0x88,
0xc7, 0x88, 0xb3, 0xa4, 0x52, 0x7a, 0xd0, 0x74, 0xd1, 0xdc, 0xcb, 0xee, 0x5d, 0xba, 0xa9, 0x9a
]);
return;