From 9c78909571b161e69a84485ba654cdc9810471a1 Mon Sep 17 00:00:00 2001 From: Maxim Vezenov Date: Tue, 27 Aug 2024 16:02:30 +0000 Subject: [PATCH 01/11] only loop over one block at a time --- noir_stdlib/src/hash/sha256.nr | 21 +++++++++---------- .../sha256_regression_5836/Nargo.toml | 7 +++++++ .../sha256_regression_5836/Prover.toml | 1 + .../sha256_regression_5836/src/main.nr | 7 +++++++ 4 files changed, 25 insertions(+), 11 deletions(-) create mode 100644 test_programs/execution_success/sha256_regression_5836/Nargo.toml create mode 100644 test_programs/execution_success/sha256_regression_5836/Prover.toml create mode 100644 test_programs/execution_success/sha256_regression_5836/src/main.nr diff --git a/noir_stdlib/src/hash/sha256.nr b/noir_stdlib/src/hash/sha256.nr index 55cdd984003..0b079fca8ab 100644 --- a/noir_stdlib/src/hash/sha256.nr +++ b/noir_stdlib/src/hash/sha256.nr @@ -39,14 +39,10 @@ unconstrained fn build_msg_block_iter( msg_start: u32 ) -> ([u8; 64], u64) { let mut msg_byte_ptr: u64 = 0; // Message byte pointer - for k in msg_start..N { + for k in msg_start..(msg_start + BLOCK_SIZE) { if k as u64 < message_size { msg_block[msg_byte_ptr] = msg[k]; msg_byte_ptr = msg_byte_ptr + 1; - - if msg_byte_ptr == 64 { - msg_byte_ptr = 0; - } } } (msg_block, msg_byte_ptr) @@ -60,17 +56,13 @@ fn verify_msg_block( msg_start: u32 ) -> u64 { let mut msg_byte_ptr: u64 = 0; // Message byte pointer - for k in msg_start..N { + for k in msg_start..(msg_start + BLOCK_SIZE) { if k as u64 < message_size { assert_eq(msg_block[msg_byte_ptr], msg[k]); msg_byte_ptr = msg_byte_ptr + 1; - if msg_byte_ptr == 64 { - // Enough to hash block - msg_byte_ptr = 0; - } } else { // Need to assert over the msg block in the else case as well - if N < 64 { + if N < BLOCK_SIZE { assert_eq(msg_block[msg_byte_ptr], 0); } else { assert_eq(msg_block[msg_byte_ptr], msg[k]); 
@@ -97,6 +89,7 @@ pub fn sha256_var(msg: [u8; N], message_size: u64) -> [u8; 32] { } if !crate::runtime::is_unconstrained() { + assert(msg_byte_ptr <= BLOCK_SIZE as u64); msg_byte_ptr = verify_msg_block(msg, message_size, msg_block, 0); } } @@ -107,7 +100,9 @@ pub fn sha256_var(msg: [u8; N], message_size: u64) -> [u8; 32] { msg_block = new_msg_block; msg_byte_ptr = new_msg_byte_ptr; } + if !crate::runtime::is_unconstrained() { + assert(msg_byte_ptr <= BLOCK_SIZE as u64); // Verify the block we are compressing was appropriately constructed msg_byte_ptr = verify_msg_block(msg, message_size, msg_block, BLOCK_SIZE * i); } @@ -116,6 +111,10 @@ pub fn sha256_var(msg: [u8; N], message_size: u64) -> [u8; 32] { h = sha256_compression(msg_u8_to_u32(msg_block), h); } + if msg_byte_ptr == BLOCK_SIZE as u64 { + msg_byte_ptr = 0; + } + let last_block = msg_block; // Pad the rest such that we have a [u32; 2] block at the end representing the length // of the message, and a block of 1 0 ... 0 following the message (i.e. [1 << 7, 0, ..., 0]). diff --git a/test_programs/execution_success/sha256_regression_5836/Nargo.toml b/test_programs/execution_success/sha256_regression_5836/Nargo.toml new file mode 100644 index 00000000000..82135e59550 --- /dev/null +++ b/test_programs/execution_success/sha256_regression_5836/Nargo.toml @@ -0,0 +1,7 @@ +[package] +name = "sha256_regression_5836" +type = "bin" +authors = [""] +compiler_version = ">=0.33.0" + +[dependencies] \ No newline at end of file diff --git a/test_programs/execution_success/sha256_regression_5836/Prover.toml b/test_programs/execution_success/sha256_regression_5836/Prover.toml new file mode 100644 index 00000000000..04b03c79b1f --- /dev/null +++ b/test_programs/execution_success/sha256_regression_5836/Prover.toml @@ -0,0 +1 @@ +result = [21, 185, 45, 1, 196, 27, 42, 175, 54, 90, 48, 201, 79, 96, 98, 84, 111, 101, 84, 54, 255, 48, 234, 191, 46, 45, 156, 162, 53, 54, 233, 159] 
diff --git a/test_programs/execution_success/sha256_regression_5836/src/main.nr b/test_programs/execution_success/sha256_regression_5836/src/main.nr new file mode 100644 index 00000000000..90871b3458e --- /dev/null +++ b/test_programs/execution_success/sha256_regression_5836/src/main.nr 
@@ -0,0 +1,7 @@ +fn main(result: [u8; 32]) { + let headers = [ + 102, 114, 111, 109, 58, 114, 117, 110, 110, 105, 101, 114, 46, 108, 101, 97, 103, 117, 101, 115, 46, 48, 106, 64, 105, 99, 108, 111, 117, 100, 46, 99, 111, 109, 13, 10, 99, 111, 110, 116, 101, 110, 116, 45, 116, 121, 112, 101, 58, 116, 101, 120, 116, 47, 112, 108, 97, 105, 110, 59, 32, 99, 104, 97, 114, 115, 101, 116, 61, 117, 115, 45, 97, 115, 99, 105, 105, 13, 10, 109, 105, 109, 101, 45, 118, 101, 114, 115, 105, 111, 110, 58, 49, 46, 48, 32, 40, 77, 97, 99, 32, 79, 83, 32, 88, 32, 77, 97, 105, 108, 32, 49, 54, 46, 48, 32, 92, 40, 51, 55, 51, 49, 46, 53, 48, 48, 46, 50, 51, 49, 92, 41, 41, 13, 10, 115, 117, 98, 106, 101, 99, 116, 58, 72, 101, 108, 108, 111, 13, 10, 109, 101, 115, 115, 97, 103, 101, 45, 105, 100, 58, 60, 56, 70, 56, 49, 57, 68, 51, 50, 45, 66, 54, 65, 67, 45, 52, 56, 57, 68, 45, 57, 55, 55, 70, 45, 52, 51, 56, 66, 66, 67, 52, 67, 65, 66, 50, 55, 64, 109, 101, 46, 99, 111, 109, 62, 13, 10, 100, 97, 116, 101, 58, 83, 97, 116, 44, 32, 50, 54, 32, 65, 117, 103, 32, 50, 48, 50, 51, 32, 49, 50, 58, 50, 53, 58, 50, 50, 32, 43, 48, 52, 48, 48, 13, 10, 116, 111, 58, 122, 107, 101, 119, 116, 101, 115, 116, 64, 103, 109, 97, 105, 108, 46, 99, 111, 109, 13, 10, 100, 107, 105, 109, 45, 115, 105, 103, 110, 97, 116, 117, 114, 101, 58, 118, 61, 49, 59, 32, 97, 61, 114, 115, 97, 45, 115, 104, 97, 50, 53, 54, 59, 32, 99, 61, 114, 101, 108, 97, 120, 101, 100, 47, 114, 101, 108, 97, 120, 101, 100, 59, 32, 100, 61, 105, 99, 108, 111, 117, 100, 46, 99, 111, 109, 59, 32, 115, 61, 49, 97, 49, 104, 97, 105, 59, 32, 116, 61, 49, 54, 57, 51, 48, 51, 56, 51, 51, 55, 59, 32, 98, 104, 61, 55, 120, 81, 77, 68, 117, 111, 86, 86, 85, 52, 109, 48, 87, 48, 87, 82, 86, 83, 114, 86, 88, 77, 101, 71, 83, 73, 65, 83, 115, 110, 117, 99, 75, 57, 100, 74, 115, 114, 99, 43, 118, 85, 61, 59, 32, 104, 61, 102, 114, 111, 109, 58, 67, 111, 110, 116, 101, 110, 116, 45, 84, 121, 112, 101, 58, 77, 105, 109, 101, 45, 86, 101, 114, 
115, 105, 111, 110, 58, 83, 117, 98, 106, 101, 99, 116, 58, 77, 101, 115, 115, 97, 103, 101, 45, 73, 100, 58, 68, 97, 116, 101, 58, 116, 111, 59, 32, 98, 61 + ]; + let hash = std::hash::sha256_var(headers, headers.len() as u64); + assert_eq(hash, result); +} From 5d92c41255d0c281be0e555ed454f35bad002cd5 Mon Sep 17 00:00:00 2001 From: Maxim Vezenov Date: Tue, 27 Aug 2024 18:16:28 +0000 Subject: [PATCH 02/11] fix how we handle hashing of the final block --- noir_stdlib/src/hash/sha256.nr | 36 ++++++++++++------- .../sha256_regression_5836/Prover.toml | 3 +- 2 files changed, 26 insertions(+), 13 deletions(-) diff --git a/noir_stdlib/src/hash/sha256.nr b/noir_stdlib/src/hash/sha256.nr index 0b079fca8ab..802a514f120 100644 --- a/noir_stdlib/src/hash/sha256.nr +++ b/noir_stdlib/src/hash/sha256.nr @@ -39,7 +39,11 @@ unconstrained fn build_msg_block_iter( msg_start: u32 ) -> ([u8; 64], u64) { let mut msg_byte_ptr: u64 = 0; // Message byte pointer - for k in msg_start..(msg_start + BLOCK_SIZE) { + let mut msg_end = msg_start + BLOCK_SIZE; + if msg_end > N { + msg_end = N; + } + for k in msg_start..msg_end { if k as u64 < message_size { msg_block[msg_byte_ptr] = msg[k]; msg_byte_ptr = msg_byte_ptr + 1; @@ -56,7 +60,11 @@ fn verify_msg_block( msg_start: u32 ) -> u64 { let mut msg_byte_ptr: u64 = 0; // Message byte pointer - for k in msg_start..(msg_start + BLOCK_SIZE) { + let mut msg_end = msg_start + BLOCK_SIZE; + if msg_end > N { + msg_end = N; + } + for k in msg_start..msg_end { if k as u64 < message_size { assert_eq(msg_block[msg_byte_ptr], msg[k]); msg_byte_ptr = msg_byte_ptr + 1; 
@@ -81,34 +89,38 @@ pub fn sha256_var(msg: [u8; N], message_size: u64) -> [u8; 32] { let mut h: [u32; 8] = [1779033703, 3144134277, 1013904242, 2773480762, 1359893119, 2600822924, 528734635, 1541459225]; // Intermediate hash, starting with the canonical initial value let mut msg_byte_ptr = 0; // Pointer into msg_block - if num_blocks == 0 { + for i in 0..num_blocks { unsafe { - let (new_msg_block, new_msg_byte_ptr) = build_msg_block_iter(msg, message_size, msg_block, 0); + let (new_msg_block, new_msg_byte_ptr) = build_msg_block_iter(msg, message_size, msg_block, BLOCK_SIZE * i); msg_block = new_msg_block; msg_byte_ptr = new_msg_byte_ptr; } if !crate::runtime::is_unconstrained() { assert(msg_byte_ptr <= BLOCK_SIZE as u64); - msg_byte_ptr = verify_msg_block(msg, message_size, msg_block, 0); + // Verify the block we are compressing was appropriately constructed + msg_byte_ptr = verify_msg_block(msg, message_size, msg_block, BLOCK_SIZE * i); } + + // Compress the block + h = sha256_compression(msg_u8_to_u32(msg_block), h); } - for i in 0..num_blocks { + let modulo = N % BLOCK_SIZE; + // Handle setup of the final msg block. + // This case is only hit if the msg is less than the block size, + // or our message cannot be evenly split into blocks. 
+ if modulo != 0 { unsafe { - let (new_msg_block, new_msg_byte_ptr) = build_msg_block_iter(msg, message_size, msg_block, BLOCK_SIZE * i); + let (new_msg_block, new_msg_byte_ptr) = build_msg_block_iter(msg, message_size, msg_block, BLOCK_SIZE * num_blocks); msg_block = new_msg_block; msg_byte_ptr = new_msg_byte_ptr; } if !crate::runtime::is_unconstrained() { assert(msg_byte_ptr <= BLOCK_SIZE as u64); - // Verify the block we are compressing was appropriately constructed - msg_byte_ptr = verify_msg_block(msg, message_size, msg_block, BLOCK_SIZE * i); + msg_byte_ptr = verify_msg_block(msg, message_size, msg_block, BLOCK_SIZE * num_blocks); } - - // Hash the block - h = sha256_compression(msg_u8_to_u32(msg_block), h); } if msg_byte_ptr == BLOCK_SIZE as u64 { diff --git a/test_programs/execution_success/sha256_regression_5836/Prover.toml b/test_programs/execution_success/sha256_regression_5836/Prover.toml index 04b03c79b1f..f8393a04c7e 100644 --- a/test_programs/execution_success/sha256_regression_5836/Prover.toml +++ b/test_programs/execution_success/sha256_regression_5836/Prover.toml @@ -1 +1,2 @@ -result = [21, 185, 45, 1, 196, 27, 42, 175, 54, 90, 48, 201, 79, 96, 98, 84, 111, 101, 84, 54, 255, 48, 234, 191, 46, 45, 156, 162, 53, 54, 233, 159] +# Result matched against ethers library +result = [112, 144, 73, 182, 208, 98, 9, 238, 54, 229, 61, 145, 222, 17, 72, 62, 148, 222, 186, 55, 192, 82, 220, 35, 66, 47, 193, 200, 22, 38, 26, 186] From c7de03a3d42f863cd139d405dec14d4e44b3b187 Mon Sep 17 00:00:00 2001 From: Maxim Vezenov Date: Tue, 27 Aug 2024 20:51:53 +0000 Subject: [PATCH 03/11] remove sha256compression from allow constant inputs --- .../noirc_evaluator/src/ssa/acir_gen/acir_ir/acir_variable.rs | 1 - 1 file changed, 1 deletion(-) diff --git a/compiler/noirc_evaluator/src/ssa/acir_gen/acir_ir/acir_variable.rs b/compiler/noirc_evaluator/src/ssa/acir_gen/acir_ir/acir_variable.rs index a6b962a45b2..1608066efcf 100644 
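Review bot: In `sha256_var` the loop `for i in 0..num_blocks` compresses every block unconditionally and the tail block is selected by `N % BLOCK_SIZE`, so both decisions follow the array capacity `N` rather than `message_size`. The definition of `num_blocks` is outside the hunk, but if it is derived from `N`, a call with `message_size` smaller than `N` would compress blocks that should have been padded, and the result would not be the SHA-256 of the first `message_size` bytes. The regression program only passes `headers.len()`, so that case is not exercised. One direction is to compress inside the loop only when the block is full, `if msg_byte_ptr == BLOCK_SIZE as u64 { h = sha256_compression(msg_u8_to_u32(msg_block), h); }`, and leave a partial block to the padding path. Otherwise, unless a bound is already asserted outside the visible lines, assert `message_size <= N as u64` and document the supported range. The revision of this loop in PATCH 04/11 keeps the same structure.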
--- a/compiler/noirc_evaluator/src/ssa/acir_gen/acir_ir/acir_variable.rs +++ b/compiler/noirc_evaluator/src/ssa/acir_gen/acir_ir/acir_variable.rs @@ -1435,7 +1435,6 @@ impl AcirContext { name, BlackBoxFunc::MultiScalarMul | BlackBoxFunc::Keccakf1600 - | BlackBoxFunc::Sha256Compression | BlackBoxFunc::Blake2s | BlackBoxFunc::Blake3 | BlackBoxFunc::AND From 266ba46e660b0027515bb3c2b9bef16ceaeeab98 Mon Sep 17 00:00:00 2001 From: Maxim Vezenov Date: Wed, 28 Aug 2024 13:25:16 +0000 Subject: [PATCH 04/11] reduce unconstrained false positives for small sha msgs, still happening on the new larger regression --- noir_stdlib/src/hash/sha256.nr | 49 +++++++++++++++------------------- 1 file changed, 22 insertions(+), 27 deletions(-) diff --git a/noir_stdlib/src/hash/sha256.nr b/noir_stdlib/src/hash/sha256.nr index 802a514f120..7745b854c92 100644 --- a/noir_stdlib/src/hash/sha256.nr +++ b/noir_stdlib/src/hash/sha256.nr @@ -1,3 +1,5 @@ +use crate::runtime::is_unconstrained; + // Implementation of SHA-256 mapping a byte array of variable length to // 32 bytes. @@ -90,16 +92,16 @@ pub fn sha256_var(msg: [u8; N], message_size: u64) -> [u8; 32] { let mut msg_byte_ptr = 0; // Pointer into msg_block for i in 0..num_blocks { - unsafe { - let (new_msg_block, new_msg_byte_ptr) = build_msg_block_iter(msg, message_size, msg_block, BLOCK_SIZE * i); - msg_block = new_msg_block; - msg_byte_ptr = new_msg_byte_ptr; - } + let (new_msg_block, new_msg_byte_ptr) = unsafe { + build_msg_block_iter(msg, message_size, msg_block, BLOCK_SIZE * i) + }; + msg_block = new_msg_block; - if !crate::runtime::is_unconstrained() { - assert(msg_byte_ptr <= BLOCK_SIZE as u64); + if !is_unconstrained() { // Verify the block we are compressing was appropriately constructed msg_byte_ptr = verify_msg_block(msg, message_size, msg_block, BLOCK_SIZE * i); + } else { + msg_byte_ptr = new_msg_byte_ptr; } // Compress the block 
@@ -111,15 +113,15 @@ pub fn sha256_var(msg: [u8; N], message_size: u64) -> [u8; 32] { // This case is only hit if the msg is less than the block size, // or our message cannot be evenly split into blocks. if modulo != 0 { - unsafe { - let (new_msg_block, new_msg_byte_ptr) = build_msg_block_iter(msg, message_size, msg_block, BLOCK_SIZE * num_blocks); - msg_block = new_msg_block; - msg_byte_ptr = new_msg_byte_ptr; - } + let (new_msg_block, new_msg_byte_ptr) = unsafe { + build_msg_block_iter(msg, message_size, msg_block, BLOCK_SIZE * num_blocks) + }; + msg_block = new_msg_block; - if !crate::runtime::is_unconstrained() { - assert(msg_byte_ptr <= BLOCK_SIZE as u64); + if !is_unconstrained() { msg_byte_ptr = verify_msg_block(msg, message_size, msg_block, BLOCK_SIZE * num_blocks); + } else { + msg_byte_ptr = new_msg_byte_ptr; } } @@ -165,15 +167,15 @@ pub fn sha256_var(msg: [u8; N], message_size: u64) -> [u8; 32] { msg_byte_ptr = 0; } - unsafe { - msg_block = attach_len_to_msg_block(msg_block, msg_byte_ptr, message_size); - } + msg_block = unsafe { + attach_len_to_msg_block(msg_block, msg_byte_ptr, message_size) + }; if !crate::runtime::is_unconstrained() { if msg_byte_ptr != 0 { for i in 0..64 { if i as u64 < msg_byte_ptr - 1 { - assert_eq(msg_block[i], last_block[i]); + assert_eq(msg_block[i], msg[BLOCK_SIZE * num_blocks + i]); } } assert_eq(msg_block[msg_byte_ptr - 1], 1 << 7); @@ -199,10 +201,7 @@ pub fn sha256_var(msg: [u8; N], message_size: u64) -> [u8; 32] { hash_final_block(msg_block, h) } -unconstrained fn pad_msg_block( - mut msg_block: [u8; 64], - mut msg_byte_ptr: u64 -) -> ([u8; 64], u64) { +unconstrained fn pad_msg_block(mut msg_block: [u8; 64], mut msg_byte_ptr: u64) -> ([u8; 64], u64) { // If i >= 57, there aren't enough bits in the current message block to accomplish this, so // the 1 and 0s fill up the current block, which we then compress accordingly. if msg_byte_ptr >= 57 { 
@@ -219,11 +218,7 @@ unconstrained fn pad_msg_block( (msg_block, msg_byte_ptr) } -unconstrained fn attach_len_to_msg_block( - mut msg_block: [u8; 64], - mut msg_byte_ptr: u64, - message_size: u64 -) -> [u8; 64] { +unconstrained fn attach_len_to_msg_block(mut msg_block: [u8; 64], mut msg_byte_ptr: u64, message_size: u64) -> [u8; 64] { let len = 8 * message_size; let len_bytes = (len as Field).to_le_bytes(8); for _i in 0..64 { From 4b9b6adccae00f1c520e8cce92db1a7518ebe875 Mon Sep 17 00:00:00 2001 From: Maxim Vezenov Date: Wed, 28 Aug 2024 13:48:02 +0000 Subject: [PATCH 05/11] fix type annot bugs --- noir_stdlib/src/hash/sha256.nr | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/noir_stdlib/src/hash/sha256.nr b/noir_stdlib/src/hash/sha256.nr index 329c89f769e..87cc7eb85cc 100644 --- a/noir_stdlib/src/hash/sha256.nr +++ b/noir_stdlib/src/hash/sha256.nr @@ -70,13 +70,6 @@ fn verify_msg_block( if k as u64 < message_size { assert_eq(msg_block[msg_byte_ptr], msg[k]); msg_byte_ptr = msg_byte_ptr + 1; - } else { - // Need to assert over the msg block in the else case as well - if N < BLOCK_SIZE { - assert_eq(msg_block[msg_byte_ptr], 0); - } else { - assert_eq(msg_block[msg_byte_ptr], msg[k]); - } } } msg_byte_ptr @@ -201,7 +194,7 @@ pub fn sha256_var(msg: [u8; N], message_size: u64) -> [u8; 32] { hash_final_block(msg_block, h) } -unconstrained fn pad_msg_block(mut msg_block: [u8; 64], mut msg_byte_ptr: u64) -> ([u8; 64], u64) { +unconstrained fn pad_msg_block(mut msg_block: [u8; 64], mut msg_byte_ptr: u64) -> ([u8; 64], u64) { // If i >= 57, there aren't enough bits in the current message block to accomplish this, so // the 1 and 0s fill up the current block, which we then compress accordingly. if msg_byte_ptr >= 57 { 
@@ -218,7 +211,7 @@ unconstrained fn pad_msg_block(mut msg_block: [u8; 64], mut msg_byte (msg_block, msg_byte_ptr) } -unconstrained fn attach_len_to_msg_block(mut msg_block: [u8; 64], mut msg_byte_ptr: u64, message_size: u64) -> [u8; 64] { +unconstrained fn attach_len_to_msg_block(mut msg_block: [u8; 64], mut msg_byte_ptr: u64, message_size: u64) -> [u8; 64] { let len = 8 * message_size; let len_bytes = (len as Field).to_le_bytes(8); for _i in 0..64 { From 9bf7f700222fb163838e60fffd08b84d3f7f759d Mon Sep 17 00:00:00 2001 From: Maxim Vezenov Date: Wed, 28 Aug 2024 14:08:11 +0000 Subject: [PATCH 06/11] do not overwrite block in build_msg_block_iter --- noir_stdlib/src/hash/sha256.nr | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/noir_stdlib/src/hash/sha256.nr b/noir_stdlib/src/hash/sha256.nr index 87cc7eb85cc..fe7958f0a58 100644 --- a/noir_stdlib/src/hash/sha256.nr +++ b/noir_stdlib/src/hash/sha256.nr @@ -34,12 +34,8 @@ fn msg_u8_to_u32(msg: [u8; 64]) -> [u32; 16] { msg32 } -unconstrained fn build_msg_block_iter( - msg: [u8; N], - message_size: u64, - mut msg_block: [u8; 64], - msg_start: u32 -) -> ([u8; 64], u64) { +unconstrained fn build_msg_block_iter(msg: [u8; N], message_size: u64, msg_start: u32) -> ([u8; 64], u64) { + let mut msg_block: [u8; BLOCK_SIZE] = [0; BLOCK_SIZE]; let mut msg_byte_ptr: u64 = 0; // Message byte pointer let mut msg_end = msg_start + BLOCK_SIZE; if msg_end > N { @@ -66,12 +62,20 @@ fn verify_msg_block( if msg_end > N { msg_end = N; } + for k in msg_start..msg_end { if k as u64 < message_size { assert_eq(msg_block[msg_byte_ptr], msg[k]); msg_byte_ptr = msg_byte_ptr + 1; } } + + for i in 0..BLOCK_SIZE { + if i as u64 >= msg_byte_ptr { + assert_eq(msg_block[msg_byte_ptr], 0); + } + } + msg_byte_ptr } 
@@ -86,7 +90,7 @@ pub fn sha256_var(msg: [u8; N], message_size: u64) -> [u8; 32] { for i in 0..num_blocks { let (new_msg_block, new_msg_byte_ptr) = unsafe { - build_msg_block_iter(msg, message_size, msg_block, BLOCK_SIZE * i) + build_msg_block_iter(msg, message_size, BLOCK_SIZE * i) }; msg_block = new_msg_block; @@ -107,7 +111,7 @@ pub fn sha256_var(msg: [u8; N], message_size: u64) -> [u8; 32] { // or our message cannot be evenly split into blocks. if modulo != 0 { let (new_msg_block, new_msg_byte_ptr) = unsafe { - build_msg_block_iter(msg, message_size, msg_block, BLOCK_SIZE * num_blocks) + build_msg_block_iter(msg, message_size, BLOCK_SIZE * num_blocks) }; msg_block = new_msg_block; From 3f471b745c8b89a9b63b119eda8fb3b26fa8ddf5 Mon Sep 17 00:00:00 2001 From: Maxim Vezenov Date: Wed, 28 Aug 2024 14:26:18 +0000 Subject: [PATCH 07/11] simplify msg block verification --- noir_stdlib/src/hash/sha256.nr | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/noir_stdlib/src/hash/sha256.nr b/noir_stdlib/src/hash/sha256.nr index fe7958f0a58..6c4ffe7a512 100644 --- a/noir_stdlib/src/hash/sha256.nr +++ b/noir_stdlib/src/hash/sha256.nr @@ -59,20 +59,23 @@ fn verify_msg_block( ) -> u64 { let mut msg_byte_ptr: u64 = 0; // Message byte pointer let mut msg_end = msg_start + BLOCK_SIZE; + let mut extra_bytes = 0; if msg_end > N { msg_end = N; + extra_bytes = msg_end - N; } for k in msg_start..msg_end { if k as u64 < message_size { - assert_eq(msg_block[msg_byte_ptr], msg[k]); msg_byte_ptr = msg_byte_ptr + 1; } } for i in 0..BLOCK_SIZE { if i as u64 >= msg_byte_ptr { - assert_eq(msg_block[msg_byte_ptr], 0); + assert_eq(msg_block[i], 0); + } else { + assert_eq(msg_block[i], msg[msg_start + i - extra_bytes]); } } From cd6a7faa1f8a3ef94efeec8729fb4d9face6896a Mon Sep 17 00:00:00 2001 
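Review bot: In `verify_msg_block`, `extra_bytes = msg_end - N;` runs after `msg_end = N;`, so it is always 0 and the `- extra_bytes` in `msg[msg_start + i - extra_bytes]` has no effect. With the clamp in place, `i < msg_byte_ptr` already implies `msg_start + i < msg_end <= N`, so no offset is needed, and a non-zero offset would compare the block against shifted message bytes. I would drop the variable and write `assert_eq(msg_block[i], msg[msg_start + i]);`. The function's signature and its return are outside the hunk.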
From: Maxim Vezenov Date: Wed, 28 Aug 2024 15:56:47 +0000 Subject: [PATCH 08/11] make it not a dumb circuit anymore --- .../execution_success/sha256_regression_5836/Prover.toml | 5 ++++- .../execution_success/sha256_regression_5836/src/main.nr | 5 +---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/test_programs/execution_success/sha256_regression_5836/Prover.toml b/test_programs/execution_success/sha256_regression_5836/Prover.toml index f8393a04c7e..a5eb971dd5c 100644 --- a/test_programs/execution_success/sha256_regression_5836/Prover.toml +++ b/test_programs/execution_success/sha256_regression_5836/Prover.toml 
@@ -1,2 +1,5 @@ -# Result matched against ethers library +# headers = [102, 114, 111, 109, 58, 114, 117, 110, 110, 105, 101, 114, 46, 108, 101, 97, 103, 117, 101, 115, 46, 48, 106, 64, 105, 99, 108, 111, 117, 100, 46, 99, 111, 109, 13, 10, 99, 111, 110, 116, 101, 110, 116, 45, 116, 121, 112, 101, 58, 116, 101, 120, 116, 47, 112, 108, 97, 105, 110, 59, 32, 99, 104, 97, 114, 115, 101, 116] +headers = [102, 114, 111, 109, 58, 114, 117, 110, 110, 105, 101, 114, 46, 108, 101, 97, 103, 117, 101, 115, 46, 48, 106, 64, 105, 99, 108, 111, 117, 100, 46, 99, 111, 109, 13, 10, 99, 111, 110, 116, 101, 110, 116, 45, 116, 121, 112, 101, 58, 116, 101, 120, 116, 47, 112, 108, 97, 105, 110, 59, 32, 99, 104, 97, 114, 115, 101, 116, 61, 117, 115, 45, 97, 115, 99, 105, 105, 13, 10, 109, 105, 109, 101, 45, 118, 101, 114, 115, 105, 111, 110, 58, 49, 46, 48, 32, 40, 77, 97, 99, 32, 79, 83, 32, 88, 32, 77, 97, 105, 108, 32, 49, 54, 46, 48, 32, 92, 40, 51, 55, 51, 49, 46, 53, 48, 48, 46, 50, 51, 49, 92, 41, 41, 13, 10, 115, 117, 98, 106, 101, 99, 116, 58, 72, 101, 108, 108, 111, 13, 10, 109, 101, 115, 115, 97, 103, 101, 45, 105, 100, 58, 60, 56, 70, 56, 49, 57, 68, 51, 50, 45, 66, 54, 65, 67, 45, 52, 56, 57, 68, 45, 57, 55, 55, 70, 45, 52, 51, 56, 66, 66, 67, 52, 67, 65, 66, 50, 55, 64, 109, 101, 46, 99, 111, 109, 62, 13, 10, 100, 97, 116, 101, 58, 83, 97, 116, 44, 32, 50, 54, 32, 65, 117, 103, 32, 50, 48, 50, 51, 32, 49, 50, 58, 50, 53, 58, 50, 50, 32, 43, 48, 52, 48, 48, 13, 10, 116, 111, 58, 122, 107, 101, 119, 116, 101, 115, 116, 64, 103, 109, 97, 105, 108, 46, 99, 111, 109, 13, 10, 100, 107, 105, 109, 45, 115, 105, 103, 110, 97, 116, 117, 114, 101, 58, 118, 61, 49, 59, 32, 97, 61, 114, 115, 97, 45, 115, 104, 97, 50, 53, 54, 59, 32, 99, 61, 114, 101, 108, 97, 120, 101, 100, 47, 114, 101, 108, 97, 120, 101, 100, 59, 32, 100, 61, 105, 99, 108, 111, 117, 100, 46, 99, 111, 109, 59, 32, 115, 61, 49, 97, 49, 104, 97, 105, 59, 32, 116, 61, 49, 54, 57, 51, 48, 51, 56, 51, 51, 55, 59, 32, 98, 
104, 61, 55, 120, 81, 77, 68, 117, 111, 86, 86, 85, 52, 109, 48, 87, 48, 87, 82, 86, 83, 114, 86, 88, 77, 101, 71, 83, 73, 65, 83, 115, 110, 117, 99, 75, 57, 100, 74, 115, 114, 99, 43, 118, 85, 61, 59, 32, 104, 61, 102, 114, 111, 109, 58, 67, 111, 110, 116, 101, 110, 116, 45, 84, 121, 112, 101, 58, 77, 105, 109, 101, 45, 86, 101, 114, 115, 105, 111, 110, 58, 83, 117, 98, 106, 101, 99, 116, 58, 77, 101, 115, 115, 97, 103, 101, 45, 73, 100, 58, 68, 97, 116, 101, 58, 116, 111, 59, 32, 98, 61] +# Result matched against ethers library +# result = [91, 122, 146, 93, 52, 109, 133, 148, 171, 61, 156, 70, 189, 238, 153, 7, 222, 184, 94, 24, 65, 114, 192, 244, 207, 199, 87, 232, 192, 224, 171, 207] result = [112, 144, 73, 182, 208, 98, 9, 238, 54, 229, 61, 145, 222, 17, 72, 62, 148, 222, 186, 55, 192, 82, 220, 35, 66, 47, 193, 200, 22, 38, 26, 186] diff --git a/test_programs/execution_success/sha256_regression_5836/src/main.nr b/test_programs/execution_success/sha256_regression_5836/src/main.nr index 90871b3458e..adfb3373748 100644 --- a/test_programs/execution_success/sha256_regression_5836/src/main.nr +++ b/test_programs/execution_success/sha256_regression_5836/src/main.nr 
@@ -1,7 +1,4 @@ -fn main(result: [u8; 32]) { - let headers = [ - 102, 114, 111, 109, 58, 114, 117, 110, 110, 105, 101, 114, 46, 108, 101, 97, 103, 117, 101, 115, 46, 48, 106, 64, 105, 99, 108, 111, 117, 100, 46, 99, 111, 109, 13, 10, 99, 111, 110, 116, 101, 110, 116, 45, 116, 121, 112, 101, 58, 116, 101, 120, 116, 47, 112, 108, 97, 105, 110, 59, 32, 99, 104, 97, 114, 115, 101, 116, 61, 117, 115, 45, 97, 115, 99, 105, 105, 13, 10, 109, 105, 109, 101, 45, 118, 101, 114, 115, 105, 111, 110, 58, 49, 46, 48, 32, 40, 77, 97, 99, 32, 79, 83, 32, 88, 32, 77, 97, 105, 108, 32, 49, 54, 46, 48, 32, 92, 40, 51, 55, 51, 49, 46, 53, 48, 48, 46, 50, 51, 49, 92, 41, 41, 13, 10, 115, 117, 98, 106, 101, 99, 116, 58, 72, 101, 108, 108, 111, 13, 10, 109, 101, 115, 115, 97, 103, 101, 45, 105, 100, 58, 60, 56, 70, 56, 49, 57, 68, 51, 50, 45, 66, 54, 65, 67, 45, 52, 56, 57, 68, 45, 57, 55, 55, 70, 45, 52, 51, 56, 66, 66, 67, 52, 67, 65, 66, 50, 55, 64, 109, 101, 46, 99, 111, 109, 62, 13, 10, 100, 97, 116, 101, 58, 83, 97, 116, 44, 32, 50, 54, 32, 65, 117, 103, 32, 50, 48, 50, 51, 32, 49, 50, 58, 50, 53, 58, 50, 50, 32, 43, 48, 52, 48, 48, 13, 10, 116, 111, 58, 122, 107, 101, 119, 116, 101, 115, 116, 64, 103, 109, 97, 105, 108, 46, 99, 111, 109, 13, 10, 100, 107, 105, 109, 45, 115, 105, 103, 110, 97, 116, 117, 114, 101, 58, 118, 61, 49, 59, 32, 97, 61, 114, 115, 97, 45, 115, 104, 97, 50, 53, 54, 59, 32, 99, 61, 114, 101, 108, 97, 120, 101, 100, 47, 114, 101, 108, 97, 120, 101, 100, 59, 32, 100, 61, 105, 99, 108, 111, 117, 100, 46, 99, 111, 109, 59, 32, 115, 61, 49, 97, 49, 104, 97, 105, 59, 32, 116, 61, 49, 54, 57, 51, 48, 51, 56, 51, 51, 55, 59, 32, 98, 104, 61, 55, 120, 81, 77, 68, 117, 111, 86, 86, 85, 52, 109, 48, 87, 48, 87, 82, 86, 83, 114, 86, 88, 77, 101, 71, 83, 73, 65, 83, 115, 110, 117, 99, 75, 57, 100, 74, 115, 114, 99, 43, 118, 85, 61, 59, 32, 104, 61, 102, 114, 111, 109, 58, 67, 111, 110, 116, 101, 110, 116, 45, 84, 121, 112, 101, 58, 77, 105, 109, 101, 45, 86, 101, 114, 
115, 105, 111, 110, 58, 83, 117, 98, 106, 101, 99, 116, 58, 77, 101, 115, 115, 97, 103, 101, 45, 73, 100, 58, 68, 97, 116, 101, 58, 116, 111, 59, 32, 98, 61 - ]; +fn main(headers: [u8; 472], result: pub [u8; 32]) { let hash = std::hash::sha256_var(headers, headers.len() as u64); assert_eq(hash, result); } From 3eba719c4cbdd24106c41427bd30f87cc7d2478c Mon Sep 17 00:00:00 2001 From: Maxim Vezenov Date: Wed, 28 Aug 2024 19:29:40 +0000 Subject: [PATCH 09/11] rename test and cleanup sha256 --- noir_stdlib/src/hash/sha256.nr | 45 ++++++++----------- .../Nargo.toml | 2 +- .../sha256_regression/Prover.toml | 9 ++++ .../sha256_regression/src/main.nr | 23 ++++++++++ .../sha256_regression_5836/Prover.toml | 5 --- .../sha256_regression_5836/src/main.nr | 4 -- 6 files changed, 52 insertions(+), 36 deletions(-) rename test_programs/execution_success/{sha256_regression_5836 => sha256_regression}/Nargo.toml (72%) create mode 100644 test_programs/execution_success/sha256_regression/Prover.toml create mode 100644 test_programs/execution_success/sha256_regression/src/main.nr delete mode 100644 test_programs/execution_success/sha256_regression_5836/Prover.toml delete mode 100644 test_programs/execution_success/sha256_regression_5836/src/main.nr diff --git a/noir_stdlib/src/hash/sha256.nr b/noir_stdlib/src/hash/sha256.nr index 6c4ffe7a512..d0e3d5e88c5 100644 --- a/noir_stdlib/src/hash/sha256.nr +++ b/noir_stdlib/src/hash/sha256.nr @@ -83,6 +83,7 @@ fn verify_msg_block( } global BLOCK_SIZE = 64; +global ZERO = 0; // Variable size SHA-256 hash pub fn sha256_var(msg: [u8; N], message_size: u64) -> [u8; 32] { 
@@ -129,11 +130,17 @@ pub fn sha256_var(msg: [u8; N], message_size: u64) -> [u8; 32] { msg_byte_ptr = 0; } - let last_block = msg_block; + // This variable is used to get around the compiler under-constrained check giving a warning. + // We want to check against a constant zero, but if it does not come from the circuit inputs + // or return values the compiler check will issue a warning. + let zero = msg_block[0] - msg_block[0]; + // Pad the rest such that we have a [u32; 2] block at the end representing the length // of the message, and a block of 1 0 ... 0 following the message (i.e. [1 << 7, 0, ..., 0]). msg_block[msg_byte_ptr] = 1 << 7; + let last_block = msg_block; msg_byte_ptr = msg_byte_ptr + 1; + unsafe { let (new_msg_block, new_msg_byte_ptr) = pad_msg_block(msg_block, msg_byte_ptr); msg_block = new_msg_block; @@ -144,18 +151,15 @@ pub fn sha256_var(msg: [u8; N], message_size: u64) -> [u8; 32] { if !crate::runtime::is_unconstrained() { for i in 0..64 { - if i as u64 < msg_byte_ptr - 1 { - assert_eq(msg_block[i], last_block[i]); - } + assert_eq(msg_block[i], last_block[i]); } - assert_eq(msg_block[msg_byte_ptr - 1], 1 << 7); // If i >= 57, there aren't enough bits in the current message block to accomplish this, so // the 1 and 0s fill up the current block, which we then compress accordingly. // Not enough bits (64) to store length. Fill up with zeros. for _i in 57..64 { if msg_byte_ptr <= 63 & msg_byte_ptr >= 57 { - assert_eq(msg_block[msg_byte_ptr], 0); + assert_eq(msg_block[msg_byte_ptr], zero); msg_byte_ptr += 1; } } 
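Review bot: `let zero = msg_block[0] - msg_block[0];` is identically 0, so the assertions against `zero` constrain exactly what a literal 0 would, and per the added comment its only purpose is to quiet the under-constrained warning. That warning exists to catch missing constraints, so I would record beside the workaround which check it silences and why the warning is a false positive here, with a reference to the compiler issue if one exists, so it can be removed later. Separately, `global ZERO = 0;` from the `@@ -83,6 +83,7 @@` hunk is not referenced by any hunk in this commit; if nothing outside the visible lines uses it, it can be removed. `sha256_var` continues outside the hunk.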
@@ -172,29 +176,18 @@ pub fn sha256_var(msg: [u8; N], message_size: u64) -> [u8; 32] { }; if !crate::runtime::is_unconstrained() { - if msg_byte_ptr != 0 { - for i in 0..64 { - if i as u64 < msg_byte_ptr - 1 { - assert_eq(msg_block[i], msg[BLOCK_SIZE * num_blocks + i]); - } + for i in 0..56 { + if i < msg_byte_ptr { + assert_eq(msg_block[i], last_block[i]); + } else { + assert_eq(msg_block[i], zero); } - assert_eq(msg_block[msg_byte_ptr - 1], 1 << 7); } let len = 8 * message_size; - let len_bytes = (len as Field).to_le_bytes(8); - // In any case, fill blocks up with zeros until the last 64 (i.e. until msg_byte_ptr = 56). - for _ in 0..64 { - if msg_byte_ptr < 56 { - assert_eq(msg_block[msg_byte_ptr], 0); - msg_byte_ptr = msg_byte_ptr + 1; - } - } - - let mut block_idx = 0; + let len_bytes = (len as Field).to_be_bytes(8); for i in 56..64 { - assert_eq(msg_block[63 - block_idx], len_bytes[i - 56]); - block_idx = block_idx + 1; + assert_eq(msg_block[i], len_bytes[i - 56]); } } @@ -220,7 +213,7 @@ unconstrained fn pad_msg_block(mut msg_block: [u8; 64], mut msg_byte_ptr: u64) - unconstrained fn attach_len_to_msg_block(mut msg_block: [u8; 64], mut msg_byte_ptr: u64, message_size: u64) -> [u8; 64] { let len = 8 * message_size; - let len_bytes = (len as Field).to_le_bytes(8); + let len_bytes = (len as Field).to_be_bytes(8); for _i in 0..64 { // In any case, fill blocks up with zeros until the last 64 (i.e. until msg_byte_ptr = 56). if msg_byte_ptr < 56 { @@ -228,7 +221,7 @@ unconstrained fn attach_len_to_msg_block(mut msg_block: [u8; 64], mut msg_byte_p msg_byte_ptr = msg_byte_ptr + 1; } else if msg_byte_ptr < 64 { for j in 0..8 { - msg_block[63 - j] = len_bytes[j]; + msg_block[msg_byte_ptr + j] = len_bytes[j]; } msg_byte_ptr += 8; } 
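Review bot: In `attach_len_to_msg_block` the new write `msg_block[msg_byte_ptr + j] = len_bytes[j];` stays in bounds only if `msg_byte_ptr` is exactly 56 when the `else if msg_byte_ptr < 64` branch is reached, whereas the old `63 - j` form did not depend on the pointer. The constrained check in `sha256_var` reads the length from the fixed range `56..64`, so `msg_block[56 + j] = len_bytes[j];` would mirror it and not rely on the caller having reset the pointer beforehand. Failing that, a comment stating the precondition, `// requires msg_byte_ptr <= 56 on entry`, would make the invariant visible. The function body starts and ends outside the hunk.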
diff --git a/test_programs/execution_success/sha256_regression_5836/Nargo.toml b/test_programs/execution_success/sha256_regression/Nargo.toml similarity index 72% rename from test_programs/execution_success/sha256_regression_5836/Nargo.toml rename to test_programs/execution_success/sha256_regression/Nargo.toml index 82135e59550..ce98d000bcb 100644 --- a/test_programs/execution_success/sha256_regression_5836/Nargo.toml +++ b/test_programs/execution_success/sha256_regression/Nargo.toml @@ -1,5 +1,5 @@ [package] -name = "sha256_regression_5836" +name = "sha256_regression" type = "bin" authors = [""] compiler_version = ">=0.33.0" diff --git a/test_programs/execution_success/sha256_regression/Prover.toml b/test_programs/execution_success/sha256_regression/Prover.toml new file mode 100644 index 00000000000..ba0aadd1b75 --- /dev/null +++ b/test_programs/execution_success/sha256_regression/Prover.toml 
@@ -0,0 +1,9 @@ +msg_just_over_block = [102, 114, 111, 109, 58, 114, 117, 110, 110, 105, 101, 114, 46, 108, 101, 97, 103, 117, 101, 115, 46, 48, 106, 64, 105, 99, 108, 111, 117, 100, 46, 99, 111, 109, 13, 10, 99, 111, 110, 116, 101, 110, 116, 45, 116, 121, 112, 101, 58, 116, 101, 120, 116, 47, 112, 108, 97, 105, 110, 59, 32, 99, 104, 97, 114, 115, 101, 116] +msg_multiple_of_block = [102, 114, 111, 109, 58, 114, 117, 110, 110, 105, 101, 114, 46, 108, 101, 97, 103, 117, 101, 115, 46, 48, 106, 64, 105, 99, 108, 111, 117, 100, 46, 99, 111, 109, 13, 10, 99, 111, 110, 116, 101, 110, 116, 45, 116, 121, 112, 101, 58, 116, 101, 120, 116, 47, 112, 108, 97, 105, 110, 59, 32, 99, 104, 97, 114, 115, 101, 116, 61, 117, 115, 45, 97, 115, 99, 105, 105, 13, 10, 109, 105, 109, 101, 45, 118, 101, 114, 115, 105, 111, 110, 58, 49, 46, 48, 32, 40, 77, 97, 99, 32, 79, 83, 32, 88, 32, 77, 97, 105, 108, 32, 49, 54, 46, 48, 32, 92, 40, 51, 55, 51, 49, 46, 53, 48, 48, 46, 50, 51, 49, 92, 41, 41, 13, 10, 115, 117, 98, 106, 101, 99, 116, 58, 72, 101, 108, 108, 111, 13, 10, 109, 101, 115, 115, 97, 103, 101, 45, 105, 100, 58, 60, 56, 70, 56, 49, 57, 68, 51, 50, 45, 66, 54, 65, 67, 45, 52, 56, 57, 68, 45, 57, 55, 55, 70, 45, 52, 51, 56, 66, 66, 67, 52, 67, 65, 66, 50, 55, 64, 109, 101, 46, 99, 111, 109, 62, 13, 10, 100, 97, 116, 101, 58, 83, 97, 116, 44, 32, 50, 54, 32, 65, 117, 103, 32, 50, 48, 50, 51, 32, 49, 50, 58, 50, 53, 58, 50, 50, 32, 43, 48, 52, 48, 48, 13, 10, 116, 111, 58, 122, 107, 101, 119, 116, 101, 115, 116, 64, 103, 109, 97, 105, 108, 46, 99, 111, 109, 13, 10, 100, 107, 105, 109, 45, 115, 105, 103, 110, 97, 116, 117, 114, 101, 58, 118, 61, 49, 59, 32, 97, 61, 114, 115, 97, 45, 115, 104, 97, 50, 53, 54, 59, 32, 99, 61, 114, 101, 108, 97, 120, 101, 100, 47, 114, 101, 108, 97, 120, 101, 100, 59, 32, 100, 61, 105, 99, 108, 111, 117, 100, 46, 99, 111, 109, 59, 32, 115, 61, 49, 97, 49, 104, 97, 105, 59, 32, 116, 61, 49, 54, 57, 51, 48, 51, 56, 51, 51, 55, 59, 32, 98, 104, 61, 55, 120, 
81, 77, 68, 117, 111, 86, 86, 85, 52, 109, 48, 87, 48, 87, 82, 86, 83, 114, 86, 88, 77, 101, 71, 83, 73, 65, 83, 115, 110, 117, 99, 75, 57, 100, 74, 115, 114, 99, 43, 118, 85, 61, 59, 32, 104, 61, 102, 114, 111, 109, 58, 67, 111, 110, 116, 101, 110, 116, 45, 84, 121, 112, 101, 58, 77, 105, 109, 101, 45, 86, 101, 114, 115, 105, 111, 110, 58, 83, 117, 98, 106, 101, 99] +msg_just_under_block = [102, 114, 111, 109, 58, 114, 117, 110, 110, 105, 101, 114, 46, 108, 101, 97, 103, 117, 101, 115, 46, 48, 106, 64, 105, 99, 108, 111, 117, 100, 46, 99, 111, 109, 13, 10, 99, 111, 110, 116, 101, 110, 116, 45, 116, 121, 112, 101, 58, 116, 101, 120, 116, 47, 112, 108, 97, 105, 110, 59] +msg_big_not_block_multiple = [102, 114, 111, 109, 58, 114, 117, 110, 110, 105, 101, 114, 46, 108, 101, 97, 103, 117, 101, 115, 46, 48, 106, 64, 105, 99, 108, 111, 117, 100, 46, 99, 111, 109, 13, 10, 99, 111, 110, 116, 101, 110, 116, 45, 116, 121, 112, 101, 58, 116, 101, 120, 116, 47, 112, 108, 97, 105, 110, 59, 32, 99, 104, 97, 114, 115, 101, 116, 61, 117, 115, 45, 97, 115, 99, 105, 105, 13, 10, 109, 105, 109, 101, 45, 118, 101, 114, 115, 105, 111, 110, 58, 49, 46, 48, 32, 40, 77, 97, 99, 32, 79, 83, 32, 88, 32, 77, 97, 105, 108, 32, 49, 54, 46, 48, 32, 92, 40, 51, 55, 51, 49, 46, 53, 48, 48, 46, 50, 51, 49, 92, 41, 41, 13, 10, 115, 117, 98, 106, 101, 99, 116, 58, 72, 101, 108, 108, 111, 13, 10, 109, 101, 115, 115, 97, 103, 101, 45, 105, 100, 58, 60, 56, 70, 56, 49, 57, 68, 51, 50, 45, 66, 54, 65, 67, 45, 52, 56, 57, 68, 45, 57, 55, 55, 70, 45, 52, 51, 56, 66, 66, 67, 52, 67, 65, 66, 50, 55, 64, 109, 101, 46, 99, 111, 109, 62, 13, 10, 100, 97, 116, 101, 58, 83, 97, 116, 44, 32, 50, 54, 32, 65, 117, 103, 32, 50, 48, 50, 51, 32, 49, 50, 58, 50, 53, 58, 50, 50, 32, 43, 48, 52, 48, 48, 13, 10, 116, 111, 58, 122, 107, 101, 119, 116, 101, 115, 116, 64, 103, 109, 97, 105, 108, 46, 99, 111, 109, 13, 10, 100, 107, 105, 109, 45, 115, 105, 103, 110, 97, 116, 117, 114, 101, 58, 118, 61, 49, 59, 32, 97, 61, 114, 
115, 97, 45, 115, 104, 97, 50, 53, 54, 59, 32, 99, 61, 114, 101, 108, 97, 120, 101, 100, 47, 114, 101, 108, 97, 120, 101, 100, 59, 32, 100, 61, 105, 99, 108, 111, 117, 100, 46, 99, 111, 109, 59, 32, 115, 61, 49, 97, 49, 104, 97, 105, 59, 32, 116, 61, 49, 54, 57, 51, 48, 51, 56, 51, 51, 55, 59, 32, 98, 104, 61, 55, 120, 81, 77, 68, 117, 111, 86, 86, 85, 52, 109, 48, 87, 48, 87, 82, 86, 83, 114, 86, 88, 77, 101, 71, 83, 73, 65, 83, 115, 110, 117, 99, 75, 57, 100, 74, 115, 114, 99, 43, 118, 85, 61, 59, 32, 104, 61, 102, 114, 111, 109, 58, 67, 111, 110, 116, 101, 110, 116, 45, 84, 121, 112, 101, 58, 77, 105, 109, 101, 45, 86, 101, 114, 115, 105, 111, 110, 58, 83, 117, 98, 106, 101, 99, 116, 58, 77, 101, 115, 115, 97, 103, 101, 45, 73, 100, 58, 68, 97, 116, 101, 58, 116, 111, 59, 32, 98, 61] +# Results matched against ethers library +result_just_over_block = [91, 122, 146, 93, 52, 109, 133, 148, 171, 61, 156, 70, 189, 238, 153, 7, 222, 184, 94, 24, 65, 114, 192, 244, 207, 199, 87, 232, 192, 224, 171, 207] +result_multiple_of_block = [116, 90, 151, 31, 78, 22, 138, 180, 211, 189, 69, 76, 227, 200, 155, 29, 59, 123, 154, 60, 47, 153, 203, 129, 157, 251, 48, 2, 79, 11, 65, 47] +result_just_under_block = [143, 140, 76, 173, 222, 123, 102, 68, 70, 149, 207, 43, 39, 61, 34, 79, 216, 252, 213, 165, 74, 16, 110, 74, 29, 64, 138, 167, 30, 1, 9, 119] +result_big = [112, 144, 73, 182, 208, 98, 9, 238, 54, 229, 61, 145, 222, 17, 72, 62, 148, 222, 186, 55, 192, 82, 220, 35, 66, 47, 193, 200, 22, 38, 26, 186] diff --git a/test_programs/execution_success/sha256_regression/src/main.nr b/test_programs/execution_success/sha256_regression/src/main.nr new file mode 100644 index 00000000000..e1069821437 --- /dev/null +++ b/test_programs/execution_success/sha256_regression/src/main.nr 
@@ -0,0 +1,23 @@ +fn main( + msg_just_over_block: [u8; 68], + result_just_over_block: pub [u8; 32], + msg_multiple_of_block: [u8; 448], + result_multiple_of_block: pub [u8; 32], + // We want to make sure we are testing a message with a size >= 57 but < 64 + msg_just_under_block: [u8; 60], + result_just_under_block: pub [u8; 32], + msg_big_not_block_multiple: [u8; 472], + result_big: pub [u8; 32], +) { + let hash = std::hash::sha256_var(msg_just_over_block, msg_just_over_block.len() as u64); + assert_eq(hash, result_just_over_block); + + let hash = std::hash::sha256_var(msg_multiple_of_block, msg_multiple_of_block.len() as u64); + assert_eq(hash, result_multiple_of_block); + + let hash = std::hash::sha256_var(msg_just_under_block, msg_just_under_block.len() as u64); + assert_eq(hash, result_just_under_block); + + let hash = std::hash::sha256_var(msg_big_not_block_multiple, msg_big_not_block_multiple.len() as u64); + assert_eq(hash, result_big); +} diff --git a/test_programs/execution_success/sha256_regression_5836/Prover.toml b/test_programs/execution_success/sha256_regression_5836/Prover.toml deleted file mode 100644 index a5eb971dd5c..00000000000 --- a/test_programs/execution_success/sha256_regression_5836/Prover.toml +++ /dev/null 
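Review bot: Every call here passes `msg.len() as u64` as `message_size`, so none of the four cases runs `sha256_var` on a message shorter than its backing array, which is the path where padding has to be checked against trailing caller-supplied bytes. The one visible test that did pass a size below the array length, `sha256_var_witness_const_regression`, is deleted later in this series. I would add a case that hashes a prefix, for example `std::hash::sha256_var(msg_just_over_block, 56)`, compared against an independently computed digest supplied as a new public input. The 55- and 56-byte boundaries that the `>= 57 but < 64` comment leaves out are worth covering in the same way.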
@@ -1,5 +0,0 @@ -# headers = [102, 114, 111, 109, 58, 114, 117, 110, 110, 105, 101, 114, 46, 108, 101, 97, 103, 117, 101, 115, 46, 48, 106, 64, 105, 99, 108, 111, 117, 100, 46, 99, 111, 109, 13, 10, 99, 111, 110, 116, 101, 110, 116, 45, 116, 121, 112, 101, 58, 116, 101, 120, 116, 47, 112, 108, 97, 105, 110, 59, 32, 99, 104, 97, 114, 115, 101, 116] -headers = [102, 114, 111, 109, 58, 114, 117, 110, 110, 105, 101, 114, 46, 108, 101, 97, 103, 117, 101, 115, 46, 48, 106, 64, 105, 99, 108, 111, 117, 100, 46, 99, 111, 109, 13, 10, 99, 111, 110, 116, 101, 110, 116, 45, 116, 121, 112, 101, 58, 116, 101, 120, 116, 47, 112, 108, 97, 105, 110, 59, 32, 99, 104, 97, 114, 115, 101, 116, 61, 117, 115, 45, 97, 115, 99, 105, 105, 13, 10, 109, 105, 109, 101, 45, 118, 101, 114, 115, 105, 111, 110, 58, 49, 46, 48, 32, 40, 77, 97, 99, 32, 79, 83, 32, 88, 32, 77, 97, 105, 108, 32, 49, 54, 46, 48, 32, 92, 40, 51, 55, 51, 49, 46, 53, 48, 48, 46, 50, 51, 49, 92, 41, 41, 13, 10, 115, 117, 98, 106, 101, 99, 116, 58, 72, 101, 108, 108, 111, 13, 10, 109, 101, 115, 115, 97, 103, 101, 45, 105, 100, 58, 60, 56, 70, 56, 49, 57, 68, 51, 50, 45, 66, 54, 65, 67, 45, 52, 56, 57, 68, 45, 57, 55, 55, 70, 45, 52, 51, 56, 66, 66, 67, 52, 67, 65, 66, 50, 55, 64, 109, 101, 46, 99, 111, 109, 62, 13, 10, 100, 97, 116, 101, 58, 83, 97, 116, 44, 32, 50, 54, 32, 65, 117, 103, 32, 50, 48, 50, 51, 32, 49, 50, 58, 50, 53, 58, 50, 50, 32, 43, 48, 52, 48, 48, 13, 10, 116, 111, 58, 122, 107, 101, 119, 116, 101, 115, 116, 64, 103, 109, 97, 105, 108, 46, 99, 111, 109, 13, 10, 100, 107, 105, 109, 45, 115, 105, 103, 110, 97, 116, 117, 114, 101, 58, 118, 61, 49, 59, 32, 97, 61, 114, 115, 97, 45, 115, 104, 97, 50, 53, 54, 59, 32, 99, 61, 114, 101, 108, 97, 120, 101, 100, 47, 114, 101, 108, 97, 120, 101, 100, 59, 32, 100, 61, 105, 99, 108, 111, 117, 100, 46, 99, 111, 109, 59, 32, 115, 61, 49, 97, 49, 104, 97, 105, 59, 32, 116, 61, 49, 54, 57, 51, 48, 51, 56, 51, 51, 55, 59, 32, 98, 104, 61, 55, 120, 81, 77, 68, 117, 111, 86, 
86, 85, 52, 109, 48, 87, 48, 87, 82, 86, 83, 114, 86, 88, 77, 101, 71, 83, 73, 65, 83, 115, 110, 117, 99, 75, 57, 100, 74, 115, 114, 99, 43, 118, 85, 61, 59, 32, 104, 61, 102, 114, 111, 109, 58, 67, 111, 110, 116, 101, 110, 116, 45, 84, 121, 112, 101, 58, 77, 105, 109, 101, 45, 86, 101, 114, 115, 105, 111, 110, 58, 83, 117, 98, 106, 101, 99, 116, 58, 77, 101, 115, 115, 97, 103, 101, 45, 73, 100, 58, 68, 97, 116, 101, 58, 116, 111, 59, 32, 98, 61] -# Result matched against ethers library -# result = [91, 122, 146, 93, 52, 109, 133, 148, 171, 61, 156, 70, 189, 238, 153, 7, 222, 184, 94, 24, 65, 114, 192, 244, 207, 199, 87, 232, 192, 224, 171, 207] -result = [112, 144, 73, 182, 208, 98, 9, 238, 54, 229, 61, 145, 222, 17, 72, 62, 148, 222, 186, 55, 192, 82, 220, 35, 66, 47, 193, 200, 22, 38, 26, 186] diff --git a/test_programs/execution_success/sha256_regression_5836/src/main.nr b/test_programs/execution_success/sha256_regression_5836/src/main.nr deleted file mode 100644 index adfb3373748..00000000000 --- a/test_programs/execution_success/sha256_regression_5836/src/main.nr +++ /dev/null @@ -1,4 +0,0 @@ -fn main(headers: [u8; 472], result: pub [u8; 32]) { - let hash = std::hash::sha256_var(headers, headers.len() as u64); - assert_eq(hash, result); -} From cff6b87a891022ecb342bf413a599dd721cfed8b Mon Sep 17 00:00:00 2001 From: Maxim Vezenov Date: Wed, 28 Aug 2024 19:30:41 +0000 Subject: [PATCH 10/11] delete unnecessary test --- .../sha256_var_witness_const_regression/Nargo.toml | 7 ------- .../sha256_var_witness_const_regression/Prover.toml | 2 -- .../sha256_var_witness_const_regression/src/main.nr | 9 --------- 3 files changed, 18 deletions(-) delete mode 100644 test_programs/execution_success/sha256_var_witness_const_regression/Nargo.toml delete mode 100644 test_programs/execution_success/sha256_var_witness_const_regression/Prover.toml delete mode 100644 test_programs/execution_success/sha256_var_witness_const_regression/src/main.nr 
diff --git a/test_programs/execution_success/sha256_var_witness_const_regression/Nargo.toml b/test_programs/execution_success/sha256_var_witness_const_regression/Nargo.toml deleted file mode 100644 index e8f3e6bbe64..00000000000 --- a/test_programs/execution_success/sha256_var_witness_const_regression/Nargo.toml +++ /dev/null @@ -1,7 +0,0 @@ -[package] -name = "sha256_var_witness_const_regression" -type = "bin" -authors = [""] -compiler_version = ">=0.33.0" - -[dependencies] \ No newline at end of file diff --git a/test_programs/execution_success/sha256_var_witness_const_regression/Prover.toml b/test_programs/execution_success/sha256_var_witness_const_regression/Prover.toml deleted file mode 100644 index 7b91051c1a0..00000000000 --- a/test_programs/execution_success/sha256_var_witness_const_regression/Prover.toml +++ /dev/null @@ -1,2 +0,0 @@ -input = [0, 0] -toggle = false \ No newline at end of file diff --git a/test_programs/execution_success/sha256_var_witness_const_regression/src/main.nr b/test_programs/execution_success/sha256_var_witness_const_regression/src/main.nr deleted file mode 100644 index 97c4435d41d..00000000000 --- a/test_programs/execution_success/sha256_var_witness_const_regression/src/main.nr +++ /dev/null @@ -1,9 +0,0 @@ -fn main(input: [u8; 2], toggle: bool) { - let size: Field = 1 + toggle as Field; - assert(!toggle); - - let variable_sha = std::sha256::sha256_var(input, size as u64); - let constant_sha = std::sha256::sha256_var(input, 1); - - assert_eq(variable_sha, constant_sha); -} From 0a23943746fa102dbac95898949cba885baf2088 Mon Sep 17 00:00:00 2001 From: Maxim Vezenov Date: Wed, 28 Aug 2024 19:35:00 +0000 Subject: [PATCH 11/11] nargo fmt --- .../execution_success/sha256_regression/src/main.nr | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/test_programs/execution_success/sha256_regression/src/main.nr b/test_programs/execution_success/sha256_regression/src/main.nr index e1069821437..855931b4300 100644 
--- a/test_programs/execution_success/sha256_regression/src/main.nr +++ b/test_programs/execution_success/sha256_regression/src/main.nr @@ -7,7 +7,7 @@ fn main( msg_just_under_block: [u8; 60], result_just_under_block: pub [u8; 32], msg_big_not_block_multiple: [u8; 472], - result_big: pub [u8; 32], + result_big: pub [u8; 32] ) { let hash = std::hash::sha256_var(msg_just_over_block, msg_just_over_block.len() as u64); assert_eq(hash, result_just_over_block); @@ -18,6 +18,9 @@ fn main( let hash = std::hash::sha256_var(msg_just_under_block, msg_just_under_block.len() as u64); assert_eq(hash, result_just_under_block); - let hash = std::hash::sha256_var(msg_big_not_block_multiple, msg_big_not_block_multiple.len() as u64); + let hash = std::hash::sha256_var( + msg_big_not_block_multiple, + msg_big_not_block_multiple.len() as u64 + ); assert_eq(hash, result_big); }