fix: properly pad sha256 input

argumentcomputer · Feb 7, 2024 · 385e1fd · 385e1fd
1 parent e47a823
commit 385e1fd
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/src/coprocessor/sha256.rs b/src/coprocessor/sha256.rs
@@ -30,6 +30,10 @@ fn synthesize_sha256<F: LurkField, CS: ConstraintSystem<F>>(
 
     let mut bits = vec![];
 
+    let pad_to_next_len_multiple_of_8 = |bits: &mut Vec<_>| {
+        bits.resize((bits.len() + 7) / 8 * 8, zero.clone());
+    };
+
     for ptr in ptrs {
         let tag_bits = ptr
             .tag()
@@ -39,9 +43,9 @@ fn synthesize_sha256<F: LurkField, CS: ConstraintSystem<F>>(
             .to_bits_le_strict(&mut cs.namespace(|| "preimage_hash_bits"))?;
 
         bits.extend(tag_bits);
-        bits.push(zero.clone()); // need 256 bits (or some multiple of 8).
+        pad_to_next_len_multiple_of_8(&mut bits);
         bits.extend(hash_bits);
-        bits.push(zero.clone()); // need 256 bits (or some multiple of 8).
+        pad_to_next_len_multiple_of_8(&mut bits);
     }
 
     bits.reverse();