Barretenberg
The ZK-SNARK library at the core of Aztec
#include "sha256.hpp"
#include "barretenberg/circuit_checker/circuit_checker.hpp"
#include "barretenberg/common/test.hpp"
#include "barretenberg/crypto/sha256/sha256.hpp"
#include "barretenberg/numeric/random/engine.hpp"
#include "barretenberg/stdlib/primitives/group/test_utils.hpp"
#include "barretenberg/stdlib_circuit_builders/mega_circuit_builder.hpp"
#include "barretenberg/stdlib_circuit_builders/ultra_circuit_builder.hpp"
Go to the source code of this file.
Classes
| Kind | Name |
|---|---|
| class | Sha256Test< Builder > |

Macros
| Kind | Name |
|---|---|
| #define | STDLIB_TYPE_ALIASES |

Typedefs
| Kind | Name |
|---|---|
| using | BuilderTypes = ::testing::Types< bb::UltraCircuitBuilder, bb::MegaCircuitBuilder > |

Functions
| Function | Description |
|---|---|
| TYPED_TEST_SUITE (Sha256Test, BuilderTypes) | |
| TYPED_TEST (Sha256Test, BlockNistVectorOne) | Test sha256_block against NIST vector one ("abc") |
| TYPED_TEST (Sha256Test, BlockNistVectorTwo) | Test sha256_block against NIST vector two (56-byte message) |
| TYPED_TEST (Sha256Test, BlockAllConstants) | Test sha256_block with all-constant inputs produces correct output with zero gates. |
| TYPED_TEST (Sha256Test, BlockConstantHinitWitnessInput) | Test sha256_block with constant h_init and witness input block. |
| TYPED_TEST (Sha256Test, BlockWitnessHinitConstantInput) | Test sha256_block with witness h_init and constant input block. |
| TYPED_TEST (Sha256Test, BlockMixedConstantsAndWitnesses) | Test sha256_block with interleaved constant and witness values within both arrays. |
| TYPED_TEST (Sha256Test, ExtendWitnessMixedInputs) | Test extend_witness with mixed constant and witness message words. |
| TYPED_TEST (Sha256Test, ExtendWitnessTamperingFailure) | Test extend_witness constraints (boomerang attack regression) |

Variables
| Type | Name |
|---|---|
| constexpr std::array< uint32_t, 8 > | SHA256_IV |
| constexpr std::array< uint32_t, 16 > | ABC_PADDED_BLOCK |
| constexpr std::array< uint32_t, 8 > | ABC_EXPECTED |

#define STDLIB_TYPE_ALIASES
Definition at line 17 of file sha256.test.cpp.
using BuilderTypes = ::testing::Types<bb::UltraCircuitBuilder, bb::MegaCircuitBuilder>
Definition at line 24 of file sha256.test.cpp.
TYPED_TEST (Sha256Test, BlockAllConstants)
Test sha256_block with all-constant inputs produces correct output with zero gates.
When both h_init and input are circuit constants (not witnesses), every plookup operation takes the constant path (no gate creation), and add_normalize_unsafe returns constants directly.
Definition at line 164 of file sha256.test.cpp.
TYPED_TEST (Sha256Test, BlockConstantHinitWitnessInput)
Test sha256_block with constant h_init and witness input block.
This is the natural use case for the first block of a SHA-256 hash: the IV is known at compile time, but the message is a witness. The constant h_init values take the constant plookup path for their initial sparse form conversions, saving gates compared to the all-witness case.
Definition at line 203 of file sha256.test.cpp.
TYPED_TEST (Sha256Test, BlockMixedConstantsAndWitnesses)
Test sha256_block with interleaved constant and witness values within both arrays.
Even-indexed h_init and input words are constants, odd-indexed are witnesses. This exercises the mixed-input paths through plookup (some lookups constant, some witness), extend_witness (lazy sparse conversion with mixed provenance), and add_normalize_unsafe (one constant operand, one witness operand).
Definition at line 273 of file sha256.test.cpp.
TYPED_TEST (Sha256Test, BlockNistVectorOne)
Test sha256_block against NIST vector one ("abc")
This tests the compression function directly by manually padding the message and comparing against the known NIST hash output.
For "abc" (3 bytes):
Definition at line 53 of file sha256.test.cpp.
TYPED_TEST (Sha256Test, BlockNistVectorTwo)
Test sha256_block against NIST vector two (56-byte message)
This tests chained compression by manually padding a two-block message and comparing against the known NIST hash output.
For "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" (56 bytes):
Definition at line 99 of file sha256.test.cpp.
TYPED_TEST (Sha256Test, BlockWitnessHinitConstantInput)
Test sha256_block with witness h_init and constant input block.
This models the second block in a two-block hash where the intermediate hash state is a witness (output of first compression) but the padding block is all constants. The constant message words fold through extend_witness without creating lookup gates, yielding significantly fewer gates than the all-witness case.
Definition at line 238 of file sha256.test.cpp.
TYPED_TEST (Sha256Test, ExtendWitnessMixedInputs)
Test extend_witness with mixed constant and witness message words.
Only input[0] and input[15] are witnesses; the rest are constants. This exercises the lazy sparse conversion and context propagation in extend_witness when inputs have mixed constantness.
Definition at line 316 of file sha256.test.cpp.
TYPED_TEST (Sha256Test, ExtendWitnessTamperingFailure)
Test extend_witness constraints (boomerang attack regression)
This security test verifies that SHA256::extend_witness() properly constrains all 64 extended message schedule words. Modifying any word should cause circuit failure.
Definition at line 364 of file sha256.test.cpp.
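A plain C++ model of the two properties that BlockNistVectorOne and ExtendWitnessTamperingFailure pin down, added here as an illustration and not taken from sha256.test.cpp or Barretenberg: the manually padded "abc" block compresses to the NIST digest, and a one-bit change to any of the 64 schedule words breaks the schedule relation. It works on native integers rather than circuit witnesses, and every name in it (Words, IV, ABC_BLOCK, expected_word, schedule_ok, tampered_words_rejected) is an assumption of this example.

```cpp
#include <array>
#include <cstdint>

template <std::size_t N> using Words = std::array<uint32_t, N>; // names here are example-only, not Barretenberg's
constexpr Words<8> IV = { 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19 };
constexpr Words<16> ABC_BLOCK = { 0x61626380, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x18 }; // constructed: "abc", 0x80, zeros, bit length 24
constexpr uint32_t K[64] = { 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
    0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
    0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
    0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
    0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
    0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
    0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
    0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 }; // FIPS 180-4

uint32_t rotr(uint32_t x, int n) { return (x >> n) | (x << (32 - n)); }
uint32_t expected_word(const Words<64>& w, int i) { // value the recurrence forces on word i >= 16
    uint32_t x = w[i - 15], y = w[i - 2];
    return w[i - 16] + (rotr(x, 7) ^ rotr(x, 18) ^ (x >> 3)) + w[i - 7] + (rotr(y, 17) ^ rotr(y, 19) ^ (y >> 10));
}
Words<64> extend(const Words<16>& in) { // honest schedule extension
    Words<64> w{};
    for (int i = 0; i < 64; i++) w[i] = i < 16 ? in[i] : expected_word(w, i);
    return w;
}
bool schedule_ok(const Words<16>& in, const Words<64>& w) { // relation covering all 64 words
    for (int i = 0; i < 64; i++) if (w[i] != (i < 16 ? in[i] : expected_word(w, i))) return false;
    return true;
}
Words<8> compress(const Words<8>& h, const Words<64>& w) {
    Words<8> v = h; // working variables a..h are v[0]..v[7]
    for (int i = 0; i < 64; i++) {
        uint32_t a = v[0], e = v[4];
        uint32_t t1 = v[7] + (rotr(e, 6) ^ rotr(e, 11) ^ rotr(e, 25)) + ((e & v[5]) ^ (~e & v[6])) + K[i] + w[i];
        uint32_t t2 = (rotr(a, 2) ^ rotr(a, 13) ^ rotr(a, 22)) + ((a & v[1]) ^ (a & v[2]) ^ (v[1] & v[2]));
        for (int j = 7; j > 0; j--) v[j] = v[j - 1]; // h=g, g=f, ..., b=a
        v[4] += t1; v[0] = t1 + t2;                  // e = d + t1, a = t1 + t2
    }
    for (int j = 0; j < 8; j++) v[j] += h[j]; // feed-forward into the chaining value
    return v;
}
int tampered_words_rejected(const Words<16>& in) { // flip one bit per word, count rejections
    int rejected = 0;
    for (int i = 0; i < 64; i++) {
        Words<64> w = extend(in); w[i] ^= 1;
        rejected += !schedule_ok(in, w);
    }
    return rejected;
}
```

In a circuit the same relation has to be expressed as constraints on the witness values; a word left out of it can be set freely by the prover, which is the condition the regression test guards against.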
TYPED_TEST_SUITE (Sha256Test, BuilderTypes)
constexpr
Definition at line 40 of file sha256.test.cpp.
constexpr
Definition at line 34 of file sha256.test.cpp.
constexpr
Definition at line 30 of file sha256.test.cpp.