diff --git a/circuits/hkdf.circom b/circuits/hkdf.circom index d5d1f01..b2b182e 100644 --- a/circuits/hkdf.circom +++ b/circuits/hkdf.circom @@ -6,19 +6,19 @@ include "./hmac/circuits/hmac.circom"; // is : info length // k : key length // m : number of keys to extract -// s : key length -template HKDFSha256(ss,is,k,m,s){ - signal input info[is]; - signal input secret[ss]; +// n : key length +template HKDFSha256(s,i,k,m,n){ + signal input secret[s]; + signal input info[i]; signal input key[k]; - component hmac = HmacSha256(ss, k); - signal output out[m][s]; + component hmac = HmacSha256(s, k); + signal output out[m][n]; hmac.message <== secret; hmac.key <== key; - component extract = Extract(is, 32, m, s); + component extract = Extract(i, 32, m, n); extract.info <== info; extract.key <== hmac.hmac; diff --git a/tests/hkdf.test.ts b/tests/hkdf.test.ts index 531285c..a494ff6 100644 --- a/tests/hkdf.test.ts +++ b/tests/hkdf.test.ts @@ -63,4 +63,37 @@ describe("HKDF", () => { ); }); }); + describe("HKDFSha256", () => { + let circuit: WitnessTester<["secret", "info", "key"], ["out"]>; + before(async () => { + circuit = await circomkit.WitnessTester(`HKDF`, { + file: "hkdf", + template: "HKDFSha256", + params: [32, 0, 32, 2, 16], + }); + console.log("#constraints:", await circuit.getConstraintCount()); + }); + + it("should extract two 16 bytes keys from key", async () => { + await circuit.expectPass( + { + secret: [ + 0x10, 0xd9, 0xcb, 0x53, 0xd1, 0xa4, 0x05, 0xcf, 0xe2, 0x68, 0x6e, 0x08, 0x35, 0x90, 0x4d, 0x48, 0x43, 0x5e, + 0x80, 0x54, 0xa7, 0x9f, 0x98, 0x56, 0x83, 0xd0, 0xff, 0x72, 0x59, 0xf7, 0xa8, 0x04, + ], + info: [], + key: [ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + ], + }, + { + out: [ + [0x5b, 0x02, 0xd2, 0x11, 0x3a, 0xbb, 0x74, 0x49, 0xc3, 0x7d, 0x57, 0xe0, 0xc7, 0x7a, 0x99, 0xc4], + [0x43, 0x7a, 0xb4, 0xc1, 0x85, 0x2f, 0xa9, 0xcc, 0x8e, 0xc5, 0xbd, 0x64, 0x97, 0xf0, 0x31, 0x91], + ], + } + ); + }); + }); });