From fd920db07c60b80824903321cb273e0737781079 Mon Sep 17 00:00:00 2001
From: th4s
Date: Wed, 13 Dec 2023 13:51:11 +0100
Subject: [PATCH] Add test for ghash

---
 Cargo.lock | 33 +++++++++++++++++++++++++++++++
 Cargo.toml | 1 +
 src/ghash/mod.rs | 51 ++++++++++++++++++++++++++++++++++++------------
 3 files changed, 73 insertions(+), 12 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 9909a71..34f2b52 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -441,6 +441,16 @@ dependencies = [
  "wasi",
 ]
+[[package]]
+name = "ghash"
+version = "0.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d930750de5717d2dd0b8c0d42c076c0e884c81a73e6cab859bbd2339c71e3e40"
+dependencies = [
+ "opaque-debug",
+ "polyval",
+]
+
 [[package]]
 name = "group"
 version = "0.13.0"
@@ -584,6 +594,7 @@ dependencies = [
 name = "ole-protocols"
 version = "0.1.0"
 dependencies = [
+ "ghash",
  "mpz-share-conversion-core",
  "p256",
  "rand",
@@ -638,6 +649,18 @@ dependencies = [
  "spki",
 ]
+[[package]]
+name = "polyval"
+version = "0.6.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d52cff9d1d4dee5fe6d03729099f4a310a41179e0a10dbf542039873f2e826fb"
+dependencies = [
+ "cfg-if",
+ "cpufeatures",
+ "opaque-debug",
+ "universal-hash",
+]
+
 [[package]]
 name = "ppv-lite86"
 version = "0.2.17"
@@ -877,6 +900,16 @@ version = "1.0.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b"
+[[package]]
+name = "universal-hash"
+version = "0.5.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fc1de2c688dc15305988b563c3854064043356019f97a4b46276fe734c4f07ea"
+dependencies = [
+ "crypto-common",
+ "subtle",
+]
+
 [[package]]
 name = "version_check"
 version = "0.9.4"
diff --git a/Cargo.toml b/Cargo.toml
index 7e33873..4cdedd6 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -9,5 +9,6 @@ edition = "2021"
 mpz-share-conversion-core = { git = "https://github.com/privacy-scaling-explorations/mpz" }
 p256 = { version = "0.13", features = ["arithmetic"] }
 rand = "0.8"
+ghash = "0.5"
diff --git a/src/ghash/mod.rs b/src/ghash/mod.rs
index 7f1ace7..28fd702 100644
--- a/src/ghash/mod.rs
+++ b/src/ghash/mod.rs
@@ -3,19 +3,15 @@ mod prover;
 mod verifier;
-use mpz_share_conversion_core::{
-    fields::{gf2_128::Gf2_128, UniformRand},
-    Field,
-};
+use mpz_share_conversion_core::{fields::gf2_128::Gf2_128, Field};
 pub use prover::Prover;
 pub use verifier::Verifier;
 use crate::ole::Ole;
-pub fn ghash(blocks: Vec) -> Gf2_128 {
-    let mut rng = rand::thread_rng();
-    let mut prover = Prover::new(blocks.len(), Gf2_128::rand(&mut rng));
-    let mut verifier = Verifier::new(blocks.len(), Gf2_128::rand(&mut rng));
+pub fn ghash(blocks: &[Gf2_128], h_prover: Gf2_128, h_verifier: Gf2_128) -> Gf2_128 {
+    let mut prover = Prover::new(blocks.len(), h_prover);
+    let mut verifier = Verifier::new(blocks.len(), h_verifier);
     let mut ole = Ole::default();
@@ -35,8 +31,8 @@ pub fn ghash(blocks: Vec) -> Gf2_128 {
     prover.handshake_a_set_hi();
     verifier.handshake_a_set_hi();
-    let ghash1 = prover.handshake_output_ghash(&blocks);
-    let ghash2 = verifier.handshake_output_ghash(&blocks);
+    let ghash1 = prover.handshake_output_ghash(blocks);
+    let ghash2 = verifier.handshake_output_ghash(blocks);
     ghash1 + ghash2
 }
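Review bot: `ghash = "0.5"` is only referenced from `#[cfg(test)] mod tests` in src/ghash/mod.rs, so it should go under `[dev-dependencies]` rather than beside `p256` and `rand` (the section header is outside this hunk, but those neighbours are runtime dependencies). As a regular dependency it pulls ghash, polyval, universal-hash and cpufeatures into every downstream build of this crate, as the Cargo.lock hunks show, widening the supply-chain surface for code that only a test needs. It also ships a second GF(2^128) implementation alongside the one under test in the release artifact. Drop the line from this section and add `[dev-dependencies]` followed by `ghash = "0.5"`.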
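Review bot: The reworked `pub fn ghash` has no doc comment, and its new contract — the caller hands over the two key shares and gets GHASH under the combined key `H = h_prover + h_verifier` — is not visible from the signature; the test added in this patch depends on exactly that relation (`let h = h1 + h2`). The function also constructs and drives both the Prover and the Verifier in one process over a local `Ole::default()`, so it appears to be a simulation helper rather than one party's endpoint, which readers of a public API should be told before they reuse it. Suggest `/// Runs both GHASH parties locally over an in-process OLE and returns GHASH(H, blocks)` followed by `/// for H = h_prover + h_verifier (shares combined in Gf2_128); a test/simulation helper, not a protocol endpoint.` The body of `ghash` continues between this hunk and the next, so the handshake steps are not visible here.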
@@ -63,11 +59,29 @@ fn pascal_tri(n: usize) -> Vec> {
 #[cfg(test)]
 mod tests {
     use super::*;
-    use mpz_share_conversion_core::fields::p256::P256;
+    use ghash::{
+        universal_hash::{KeyInit, UniversalHash},
+        GHash,
+    };
+    use mpz_share_conversion_core::fields::{p256::P256, UniformRand};
+    use p256::elliptic_curve::generic_array::GenericArray;
+    use rand::thread_rng;
     #[test]
     fn test_ghash() {
-        todo!()
+        let mut rng = thread_rng();
+
+        // The Ghash key
+        let h1: Gf2_128 = Gf2_128::rand(&mut rng);
+        let h2: Gf2_128 = Gf2_128::rand(&mut rng);
+        let h = h1 + h2;
+
+        let blocks: Vec = (0..10).map(|_| Gf2_128::rand(&mut rng)).collect();
+
+        let ghash = ghash(&blocks, h1, h2);
+        let ghash_expected = ghash_reference_impl(h.to_inner().reverse_bits(), &blocks);
+
+        assert_eq!(ghash, ghash_expected);
     }
     #[test]
@@ -97,4 +111,17 @@ mod tests {
         assert_eq!(pascal[3], expected3);
         assert_eq!(pascal[4], expected4);
     }
+
+    fn ghash_reference_impl(h: u128, message: &[Gf2_128]) -> Gf2_128 {
+        let mut ghash = GHash::new(&h.to_be_bytes().into());
+        for el in message {
+            let block = GenericArray::clone_from_slice(&el.to_be_bytes());
+            ghash.update(&[block]);
+        }
+        let ghash_output = ghash.finalize();
+
+        Gf2_128::new(u128::from_be_bytes(
+            ghash_output.as_slice().try_into().unwrap(),
+        ))
+    }
 }
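Review bot: `test_ghash` draws its key shares and blocks from `thread_rng()` and checks a single length of 10 blocks, so a failure is not reproducible from the test output and the boundary lengths (one block, and the empty message if the protocol admits it) are never exercised. Seed the generator and loop over a few lengths; the `rand` dependency already declared in Cargo.toml provides `StdRng` and `SeedableRng`. The `// The Ghash key` comment should also say why only the key goes through `reverse_bits()` while the blocks and the result pass through `to_be_bytes`/`from_be_bytes` untouched — presumably the `ghash` crate expects H in GCM's reflected bit order and `Gf2_128::to_be_bytes` already handles the blocks, but that is not stated anywhere and is the first thing a reader will question.
```rust
use rand::{rngs::StdRng, SeedableRng};
// … unchanged: h1, h2, h …
let mut rng = StdRng::seed_from_u64(0x6768_6173_68); // fixed seed: failures are reproducible
for len in [1usize, 2, 10] {
    let blocks: Vec<Gf2_128> = (0..len).map(|_| Gf2_128::rand(&mut rng)).collect();
    // Only H is bit-reflected for the `ghash` crate; blocks/tag use to_be_bytes — TODO confirm
    assert_eq!(
        ghash(&blocks, h1, h2),
        ghash_reference_impl(h.to_inner().reverse_bits(), &blocks),
        "len = {len}"
    );
}
```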
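Review bot: `ghash_reference_impl` has no doc comment, yet it fixes the byte- and bit-order conventions the whole test hinges on: `h` must already be in the `ghash` crate's bit order (the caller applies `reverse_bits()`), each block is fed big-endian via `Gf2_128::to_be_bytes`, and the 16-byte tag is read back with `u128::from_be_bytes`. It also computes the raw polynomial over exactly the given blocks — no GCM length block is appended — so it only matches the MPC output if that side omits the length block too, which the test passing suggests but nothing documents. Suggest a doc comment such as `/// Reference GHASH via the ghash crate: h is already in the crate's reflected bit order, blocks are fed big-endian, and no GCM length block is appended (raw polynomial over `message`).` The `try_into().unwrap()` on the 16-byte output is fine as an invariant in test code.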