fix: output endianness of ke circuit

Author: th4s

crates/components/key-exchange/src/circuit.rs

@@ -44,8 +44,12 @@ pub(crate) fn build_pms_circuit() -> Arc<Circuit> {
         &to_little_endian(&share_b0),
         &to_little_endian(&modulus),
     );
-    for node in pms_0.iter() {
-        builder.add_output(*node);
+
+    // return output as big endian
+    for node in pms_0.chunks_exact(8).rev() {
+        for &bit in node.iter() {
+            builder.add_output(bit);
+        }
     }
 
     let pms_1 = add_mod(
@@ -54,8 +58,12 @@ pub(crate) fn build_pms_circuit() -> Arc<Circuit> {
         &to_little_endian(&share_b1),
         &to_little_endian(&modulus),
     );
-    for node in pms_1.iter() {
-        builder.add_output(*node);
+
+    // return output as big endian
+    for node in pms_1.chunks_exact(8).rev() {
+        for &bit in node.iter() {
+            builder.add_output(bit);
+        }
     }
 
     for (a, b) in pms_0.into_iter().zip(pms_1) {

crates/components/key-exchange/src/exchange.rs

@@ -488,7 +488,10 @@ mod tests {
 
         let leader_private_key = SecretKey::random(&mut rng);
         let follower_private_key = SecretKey::random(&mut rng);
-        let server_public_key = PublicKey::from_secret_scalar(&NonZeroScalar::random(&mut rng));
+
+        let server_secret_key = &NonZeroScalar::random(&mut rng);
+        let server_public_key = PublicKey::from_secret_scalar(server_secret_key);
+
         let expected_client_public_key = PublicKey::from_affine(
             (leader_private_key.public_key().to_projective()
                 + follower_private_key.public_key().to_projective())
@@ -541,7 +544,12 @@ mod tests {
             }
         );
 
+        let expected_ecdh_x =
+            p256::ecdh::diffie_hellman(server_secret_key, client_public_key.as_affine());
+        let expected_ecdh_x = expected_ecdh_x.raw_secret_bytes().to_vec();
+
         assert_eq!(leader_pms, follower_pms);
+        assert_eq!(leader_pms.to_vec(), expected_ecdh_x);
     }
 
     #[tokio::test]