generating test vectors

pluto · Sep 18, 2024 · 538dbf3 · 538dbf3
1 parent 4a14455
commit 538dbf3
Show file tree

Hide file tree

Showing 2 changed files with 56 additions and 5 deletions.
diff --git a/circuits/test/aes-gcm.test.ts b/circuits/test/aes-gcm.test.ts
@@ -14,7 +14,7 @@ describe("aes-gcm", () => {
   });
 
   it("should have correct output", async () => {
-    let key = [0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00];
+    let key = [0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00]; 
     let plainText = [0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00];
     let iv = [0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00];
     // TODO: Fix hashkey. 
@@ -27,7 +27,7 @@ describe("aes-gcm", () => {
     assert.deepEqual(witness.cipherText, hexBytesToBigInt(expected_output))
   });
 
-  it("should work for self generated test case", async () => {
+  it("should pass with generated test case for 1 block", async () => {
     let circuit_one_block: WitnessTester<["key", "iv", "plainText", "aad"], ["cipherText", "tag"]>;
     circuit_one_block = await circomkit.WitnessTester(`aes-gcm`, {
       file: "aes-gcm/aes-gcm",
@@ -47,7 +47,7 @@ describe("aes-gcm", () => {
     assert.deepEqual(witness.cipherText, hexBytesToBigInt(ct))
   });
 
-  it("should work for multiple blocks", async () => {
+  it("should pass with generated test case for 2 blocks", async () => {
     let circuit_one_block: WitnessTester<["key", "iv", "plainText", "aad"], ["cipherText", "tag"]>;
     circuit_one_block = await circomkit.WitnessTester(`aes-gcm`, {
       file: "aes-gcm/aes-gcm",
@@ -57,7 +57,7 @@ describe("aes-gcm", () => {
 
     const key = hexToBytes('31313131313131313131313131313131');
     const iv = hexToBytes('313131313131313131313131');
-    const msg = hexToBytes('7465737468656c6c6f303030303030307465737468656c6c6f30303030303030');
+    const msg = hexToBytes('7465737468656c6c6f303030303030307465737468656c6c6f30303030303030'); // 34 bytes -> 2 blocks
     const aad = hexToBytes('00000000000000000000000000000000')
     const ct = hexToBytes('2929d2bb1ae94804402b8e776e0d335626756530713e4c065af1d3c4f56e0204');
     const auth_tag = hexToBytes('438542d7f387568c84d23df60b223ecb');
@@ -66,6 +66,28 @@ describe("aes-gcm", () => {
 
     assert.deepEqual(witness.cipherText, hexBytesToBigInt(ct))
   });
+
+  it("should pass with generated test case for 1.5 blocks", async () => {
+    let circuit_one_block: WitnessTester<["key", "iv", "plainText", "aad"], ["cipherText", "tag"]>;
+    circuit_one_block = await circomkit.WitnessTester(`aes-gcm`, {
+      file: "aes-gcm/aes-gcm",
+      template: "AESGCM",
+      params: [32],
+    });
+
+
+    const key = hexToBytes('31313131313131313131313131313131');
+    const iv = hexToBytes('313131313131313131313131');
+    const msg = hexToBytes('7465737468656c6c6f303030307465737468656c6c6f30303030');
+    const aad = hexToBytes('00000000000000000000000000000000')
+    // waylon believes this ciphertext is incorrect because it is bigger than the plain text
+    // it came from `cargo test test_aes_gcm_blocks_1_5 -- --nocapture` 
+    const ct = hexToBytes('2929d2bb1ae94804402b8e776e496615267873287534105a05f1e58a152ccba9a375be97eaab91a269a0');
+
+    const witness = await circuit_one_block.compute({ key: key, iv: iv, plainText: msg, aad: aad }, ["cipherText", "authTag"])
+
+    assert.deepEqual(witness.cipherText, hexBytesToBigInt(ct))
+  });
 });
 
 // signal input key[16]; // 128-bit key

diff --git a/src/main.rs b/src/main.rs
@@ -50,6 +50,8 @@ async fn main() -> io::Result<()> {
 
 #[cfg(test)]
 mod tests {
+    use ghash::GHash;
+
     use super::*;
 
     // Test the AES-GCM-SIV circuit (from electron labs)
@@ -87,12 +89,39 @@ mod tests {
         let test_iv = [0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31];
 
         let message = String::from("testhello0000000testhello0000000");
-        let aes_payload = Payload { msg: &message.as_bytes(), aad: &[] };
+        let aes_payload = Payload { msg: message.as_bytes(), aad: &[] };
 
         let cipher = Aes128Gcm::new_from_slice(&test_key).unwrap();
         let nonce = GenericArray::from_slice(&test_iv);
         let ct = cipher.encrypt(nonce, aes_payload).expect("error generating ct");
 
+        println!("key={}", hex::encode(test_key));
+        println!("iv={}", hex::encode(test_iv));
+        println!("msg={}", hex::encode(message));
+        println!("ct={}", hex::encode(ct));
+    }
+    #[tokio::test]
+    async fn test_aes_gcm_blocks_1_5() {
+        use aes_gcm::{
+            aead::{generic_array::GenericArray, Aead, NewAead, Payload},
+            Aes128Gcm,
+        };
+
+        let test_key = [
+            0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31,
+            0x31, 0x31,
+        ];
+        let test_iv = [0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31, 0x31];
+
+        // 24 blocks - 1.5 blocks
+        let message = String::from("testhello0000testhello0000"); 
+        let aes_payload = Payload { msg: message.as_bytes(), aad: &[] };
+        let cipher = Aes128Gcm::new_from_slice(&test_key).unwrap();
+        let nonce = GenericArray::from_slice(&test_iv);
+
+        // this is 32 bytes which is seemingly not correct
+        let ct = cipher.encrypt(nonce, aes_payload).expect("error generating ct"); 
+
         println!("key={}", hex::encode(test_key));
         println!("iv={}", hex::encode(test_iv));
         println!("msg={}", hex::encode(message));