syntax for circom version + paths in tests (#40)

circuits/aes-gcm/gfmul_int.circom

@@ -1,4 +1,4 @@
-pragma circom 2.1.9
+pragma circom 2.1.9;
 
 include "vclmul_emulator.circom";
 include "helper_functions.circom";

circuits/aes-gcm/ghash.circom

@@ -1,4 +1,4 @@
-pragma circom 2.0.0;
+pragma circom 2.1.9;
 
 include "gfmul_int.circom";
 include "helper_functions.circom";
@@ -74,5 +74,4 @@ template GHASH(n_msg_bits)
     {
         for(j=0; j<64; j++) result[i][j] <== current_res[i][j];
     }
-}
-component main = GHASH(128);
+}

circuits/aes-gcm/helper_functions.circom

@@ -1,4 +1,4 @@
-pragma circom 2.1.9
+pragma circom 2.1.9;
 
 include "../lib_circuits/bitify.circom";
 include "../lib_circuits/gates.circom";

circuits/aes-gcm/mul.circom

@@ -1,4 +1,4 @@
-pragma circom 2.1.9
+pragma circom 2.1.9;
 
 include "helper_functions.circom";
 

circuits/aes-gcm/polyval.circom

@@ -0,0 +1,62 @@
+pragma circom 2.1.9;
+
+include "gfmul_int.circom";
+include "helper_functions.circom";
+
+template POLYVAL(n_bits)
+{
+    var msg_len = n_bits/8;
+    signal input in[n_bits];
+    signal input H[128];
+    signal input T[2][64];
+    signal output result[2][64];
+
+    var current_res[2][64] = T, in_t[2][64];
+
+    var i, j, k;
+    var blocks = msg_len/16;
+
+    component xor_1[blocks][2][64];
+    component gfmul_int_1[blocks];
+
+    if(blocks != 0)
+    {
+        for(i=0; i<blocks; i++)
+        {
+            for(j=0; j<64; j++)
+            {
+                in_t[0][j] = in[2*i*64+j];
+                in_t[1][j] = in[(2*i+1)*64+j];
+            }
+
+            for(j=0; j<2; j++)
+            {
+                for(k=0; k<64; k++)
+                {
+                    xor_1[i][j][k] = XOR();
+                    xor_1[i][j][k].a <== current_res[j][k];
+                    xor_1[i][j][k].b <== in_t[j][k];
+
+                    current_res[j][k] = xor_1[i][j][k].out;
+                }
+            }
+
+            gfmul_int_1[i] = GFMULInt();
+            for(j=0; j<2; j++)
+            {
+                for(k=0; k<64; k++)
+                {
+                    gfmul_int_1[i].a[j][k] <== current_res[j][k];
+                    gfmul_int_1[i].b[j][k] <== H[j*64+k];
+                }
+            }
+
+            current_res = gfmul_int_1[i].res;
+        }
+    }
+
+    for(i=0; i<2; i++)
+    {
+        for(j=0; j<64; j++) result[i][j] <== current_res[i][j];
+    }
+}

circuits/aes-gcm/vclmul_emulator.circom

@@ -1,4 +1,4 @@
-pragma circom 2.1.9
+pragma circom 2.1.9;
 
 include "mul.circom";
 

circuits/lib_circuits/aliascheck.circom

@@ -16,7 +16,7 @@
     You should have received a copy of the GNU General Public License
     along with circom. If not, see <https://www.gnu.org/licenses/>.
 */
-pragma circom 2.1.9
+pragma circom 2.1.9;
 
 include "compconstant.circom";
 

circuits/lib_circuits/binsum.circom

@@ -49,7 +49,7 @@ To waranty binary outputs:
 /*
     This function calculates the number of extra bits in the output to do the full sum.
  */
-pragma circom 2.1.9
+pragma circom 2.1.9;
 
 function nbits(a) {
     var n = 1;

circuits/lib_circuits/bitify.circom

@@ -16,7 +16,7 @@
     You should have received a copy of the GNU General Public License
     along with circom. If not, see <https://www.gnu.org/licenses/>.
 */
-pragma circom 2.1.9
+pragma circom 2.1.9;
 
 include "comparators.circom";
 include "aliascheck.circom";

circuits/lib_circuits/comparators.circom

@@ -16,7 +16,7 @@
     You should have received a copy of the GNU General Public License
     along with circom. If not, see <https://www.gnu.org/licenses/>.
 */
-pragma circom 2.1.9
+pragma circom 2.1.9;
 
 include "bitify.circom";
 include "binsum.circom";

circuits/lib_circuits/compconstant.circom

@@ -16,7 +16,7 @@
     You should have received a copy of the GNU General Public License
     along with circom. If not, see <https://www.gnu.org/licenses/>.
 */
-pragma circom 2.1.9
+pragma circom 2.1.9;
 
 include "bitify.circom";
 

circuits/lib_circuits/gates.circom

@@ -16,7 +16,7 @@
     You should have received a copy of the GNU General Public License
     along with circom. If not, see <https://www.gnu.org/licenses/>.
 */
-pragma circom 2.1.9
+pragma circom 2.1.9;
 
 template XOR() {
     signal input a;

circuits/lib_circuits/mux1.circom

@@ -16,7 +16,7 @@
     You should have received a copy of the GNU General Public License
     along with circom. If not, see <https://www.gnu.org/licenses/>.
 */
-pragma circom 2.1.9
+pragma circom 2.1.9;
 
 template MultiMux1(n) {
     signal input c[n][2];  // Constants

circuits/lib_circuits/sha256.circom

@@ -1,4 +1,4 @@
-pragma circom 2.1.9
+pragma circom 2.1.9;
 
 include "constants.circom";
 include "sha256compression.circom";

circuits/test/gfmulint/gfmulint.test.ts

@@ -1,7 +1,6 @@
+import { assert } from "chai";
 import { WitnessTester } from "circomkit";
 import { circomkit } from "../common";
-import { assert } from "chai";
-import { parse } from "path";
 
 // input and output type of GFMULInt
 type Arr128 = number[][];
@@ -11,7 +10,7 @@ describe("gfmulint", () => {
 
   before(async () => {
     circuit = await circomkit.WitnessTester("gfmulint", {
-      file: "aes/gfmul_int",
+      file: "aes-gcm/gfmul_int",
       template: "GFMULInt",
     });
     console.log("#constraints:", await circuit.getConstraintCount());

circuits/test/ghash/polyval.test.ts

@@ -6,7 +6,7 @@ describe("polyval", () => {
 
   before(async () => {
     circuit = await circomkit.WitnessTester(`polyval`, {
-      file: "aes/polyval",
+      file: "aes-gcm/polyval",
       template: "POLYVAL",
       params: [128],
     });