fix: add range check on paddedInLength of shaBytesDynamic (#623)

2026-01-10 07:08:10 -05:00 · 2025-06-16 02:32:24 +05:30
parent cfd2058cc2
commit 095ceebcc5
1 changed files with 8 additions and 2 deletions
--- a/circuits/circuits/utils/crypto/hasher/shaBytes/shaBytesDynamic.circom
+++ b/circuits/circuits/utils/crypto/hasher/shaBytes/shaBytesDynamic.circom
@@ -3,6 +3,8 @@ pragma circom 2.1.9;
 include "./dynamic/sha1Bytes.circom";
 include "./dynamic/sha224Bytes.circom";
 include "@openpassport/zk-email-circuits/lib/sha.circom";
+include "@openpassport/zk-email-circuits/utils/array.circom";
+include "circomlib/circuits/bitify.circom";
 include "./dynamic/sha384Bytes.circom";
 include "./dynamic/sha512Bytes.circom";

@@ -19,6 +21,10 @@ template ShaBytesDynamic(hashLen, max_num_bytes) {

    signal output hash_bits[hashLen];

+    // Assert `in_len_padded_bytes` fits in `ceil(log2(max_num_bytes * 8))`
+    component rangeCheck = Num2Bits(log2Ceil(max_num_bytes * 8));
+    rangeCheck.in <== in_len_padded_bytes;
+
    if (hashLen == 512) {
        hash_bits <== Sha512Bytes(max_num_bytes)(in_padded, in_len_padded_bytes);
    }
@@ -28,11 +34,11 @@ template ShaBytesDynamic(hashLen, max_num_bytes) {
    if (hashLen == 256) {
        hash_bits <== Sha256Bytes(max_num_bytes)(in_padded, in_len_padded_bytes);
    }
-    if (hashLen == 224) { 
+    if (hashLen == 224) {
        hash_bits <== Sha224Bytes(max_num_bytes)(in_padded, in_len_padded_bytes);
    }
    if (hashLen == 160) {
        hash_bits <== Sha1Bytes(max_num_bytes)(in_padded, in_len_padded_bytes);
    }

-}
+}