From 64ec2769ee3e4e6cc5f30652618bd36712caa99b Mon Sep 17 00:00:00 2001
From: Waylon Jepsen <57912727+0xJepsen@users.noreply.github.com>
Date: Sun, 11 Aug 2024 13:13:39 -0600
Subject: [PATCH] syntax for circom version + paths in tests (#40)

---
 circuits/aes-gcm/gfmul_int.circom         |  2 +-
 circuits/aes-gcm/ghash.circom             |  5 +-
 circuits/aes-gcm/helper_functions.circom  |  2 +-
 circuits/aes-gcm/mul.circom               |  2 +-
 circuits/aes-gcm/polyval.circom           | 62 +++++++++++++++++++++++
 circuits/aes-gcm/vclmul_emulator.circom   |  2 +-
 circuits/lib_circuits/aliascheck.circom   |  2 +-
 circuits/lib_circuits/binsum.circom       |  2 +-
 circuits/lib_circuits/bitify.circom       |  2 +-
 circuits/lib_circuits/comparators.circom  |  2 +-
 circuits/lib_circuits/compconstant.circom |  2 +-
 circuits/lib_circuits/gates.circom        |  2 +-
 circuits/lib_circuits/mux1.circom         |  2 +-
 circuits/lib_circuits/sha256.circom       |  2 +-
 circuits/test/gfmulint/gfmulint.test.ts   |  5 +-
 circuits/test/ghash/polyval.test.ts       |  2 +-
 16 files changed, 79 insertions(+), 19 deletions(-)
 create mode 100644 circuits/aes-gcm/polyval.circom

diff --git a/circuits/aes-gcm/gfmul_int.circom b/circuits/aes-gcm/gfmul_int.circom
index 6a2aa00..85a7e2f 100644
--- a/circuits/aes-gcm/gfmul_int.circom
+++ b/circuits/aes-gcm/gfmul_int.circom
@@ -1,4 +1,4 @@
-pragma circom 2.1.9
+pragma circom 2.1.9;
 
 include "vclmul_emulator.circom";
 include "helper_functions.circom";
diff --git a/circuits/aes-gcm/ghash.circom b/circuits/aes-gcm/ghash.circom
index d6aeaef..e497d27 100644
--- a/circuits/aes-gcm/ghash.circom
+++ b/circuits/aes-gcm/ghash.circom
@@ -1,4 +1,4 @@
-pragma circom 2.0.0;
+pragma circom 2.1.9;
 
 include "gfmul_int.circom";
 include "helper_functions.circom";
@@ -74,5 +74,4 @@ template GHASH(n_msg_bits)
     {
         for(j=0; j<64; j++) result[i][j] <== current_res[i][j];
     }
-}
-component main = GHASH(128);
+}
\ No newline at end of file
diff --git a/circuits/aes-gcm/helper_functions.circom b/circuits/aes-gcm/helper_functions.circom
index 0763744..d920bd6 100644
--- a/circuits/aes-gcm/helper_functions.circom
+++ b/circuits/aes-gcm/helper_functions.circom
@@ -1,4 +1,4 @@
-pragma circom 2.1.9
+pragma circom 2.1.9;
 
 include "../lib_circuits/bitify.circom";
 include "../lib_circuits/gates.circom";
diff --git a/circuits/aes-gcm/mul.circom b/circuits/aes-gcm/mul.circom
index 666795b..0083b41 100644
--- a/circuits/aes-gcm/mul.circom
+++ b/circuits/aes-gcm/mul.circom
@@ -1,4 +1,4 @@
-pragma circom 2.1.9
+pragma circom 2.1.9;
 
 include "helper_functions.circom";
 
diff --git a/circuits/aes-gcm/polyval.circom b/circuits/aes-gcm/polyval.circom
new file mode 100644
index 0000000..cb63743
--- /dev/null
+++ b/circuits/aes-gcm/polyval.circom
@@ -0,0 +1,62 @@
+pragma circom 2.1.9;
+
+include "gfmul_int.circom";
+include "helper_functions.circom";
+
+template POLYVAL(n_bits)
+{
+    var msg_len = n_bits/8;
+    signal input in[n_bits];
+    signal input H[128];
+    signal input T[2][64];
+    signal output result[2][64];
+
+    var current_res[2][64] = T, in_t[2][64];
+
+    var i, j, k;
+    var blocks = msg_len/16;
+
+    component xor_1[blocks][2][64];
+    component gfmul_int_1[blocks];
+    
+    if(blocks != 0)
+    {
+        for(i=0; i<blocks; i++)
+        {
+            for(j=0; j<64; j++)
+            {
+                in_t[0][j] = in[2*i*64+j];
+                in_t[1][j] = in[(2*i+1)*64+j];
+            }
+
+            for(j=0; j<2; j++)
+            {
+                for(k=0; k<64; k++)
+                {
+                    xor_1[i][j][k] = XOR();
+                    xor_1[i][j][k].a <== current_res[j][k];
+                    xor_1[i][j][k].b <== in_t[j][k];
+
+                    current_res[j][k] = xor_1[i][j][k].out;
+                }
+            }
+
+            gfmul_int_1[i] = GFMULInt();
+            for(j=0; j<2; j++)
+            {
+                for(k=0; k<64; k++)
+                {
+                    gfmul_int_1[i].a[j][k] <== current_res[j][k];
+                    gfmul_int_1[i].b[j][k] <== H[j*64+k];
+                }
+            }
+
+            current_res = gfmul_int_1[i].res;
+        }
+    }
+
+    for(i=0; i<2; i++)
+    {
+        for(j=0; j<64; j++) result[i][j] <== current_res[i][j];
+    }
+}
\ No newline at end of file
diff --git a/circuits/aes-gcm/vclmul_emulator.circom b/circuits/aes-gcm/vclmul_emulator.circom
index 33aa9d7..2dcace9 100644
--- a/circuits/aes-gcm/vclmul_emulator.circom
+++ b/circuits/aes-gcm/vclmul_emulator.circom
@@ -1,4 +1,4 @@
-pragma circom 2.1.9
+pragma circom 2.1.9;
 
 include "mul.circom";
 
diff --git a/circuits/lib_circuits/aliascheck.circom b/circuits/lib_circuits/aliascheck.circom
index 1edb26f..0c7879c 100644
--- a/circuits/lib_circuits/aliascheck.circom
+++ b/circuits/lib_circuits/aliascheck.circom
@@ -16,7 +16,7 @@
     You should have received a copy of the GNU General Public License
     along with circom. If not, see <https://www.gnu.org/licenses/>.
 */
-pragma circom 2.1.9
+pragma circom 2.1.9;
 
 include "compconstant.circom";
 
diff --git a/circuits/lib_circuits/binsum.circom b/circuits/lib_circuits/binsum.circom
index 0fcafcb..0d8fb24 100644
--- a/circuits/lib_circuits/binsum.circom
+++ b/circuits/lib_circuits/binsum.circom
@@ -49,7 +49,7 @@ To waranty binary outputs:
 /*
     This function calculates the number of extra bits in the output to do the full sum.
  */
-pragma circom 2.1.9
+pragma circom 2.1.9;
 
 function nbits(a) {
     var n = 1;
diff --git a/circuits/lib_circuits/bitify.circom b/circuits/lib_circuits/bitify.circom
index 022a79a..a6345d7 100644
--- a/circuits/lib_circuits/bitify.circom
+++ b/circuits/lib_circuits/bitify.circom
@@ -16,7 +16,7 @@
     You should have received a copy of the GNU General Public License
     along with circom. If not, see <https://www.gnu.org/licenses/>.
 */
-pragma circom 2.1.9
+pragma circom 2.1.9;
 
 include "comparators.circom";
 include "aliascheck.circom";
diff --git a/circuits/lib_circuits/comparators.circom b/circuits/lib_circuits/comparators.circom
index d55fff0..8c507a2 100644
--- a/circuits/lib_circuits/comparators.circom
+++ b/circuits/lib_circuits/comparators.circom
@@ -16,7 +16,7 @@
     You should have received a copy of the GNU General Public License
     along with circom. If not, see <https://www.gnu.org/licenses/>.
 */
-pragma circom 2.1.9
+pragma circom 2.1.9;
 
 include "bitify.circom";
 include "binsum.circom";
diff --git a/circuits/lib_circuits/compconstant.circom b/circuits/lib_circuits/compconstant.circom
index 86f9556..21aae11 100644
--- a/circuits/lib_circuits/compconstant.circom
+++ b/circuits/lib_circuits/compconstant.circom
@@ -16,7 +16,7 @@
     You should have received a copy of the GNU General Public License
     along with circom. If not, see <https://www.gnu.org/licenses/>.
 */
-pragma circom 2.1.9
+pragma circom 2.1.9;
 
 include "bitify.circom";
 
diff --git a/circuits/lib_circuits/gates.circom b/circuits/lib_circuits/gates.circom
index 2c06e60..a5d0992 100644
--- a/circuits/lib_circuits/gates.circom
+++ b/circuits/lib_circuits/gates.circom
@@ -16,7 +16,7 @@
     You should have received a copy of the GNU General Public License
     along with circom. If not, see <https://www.gnu.org/licenses/>.
 */
-pragma circom 2.1.9
+pragma circom 2.1.9;
 
 template XOR() {
     signal input a;
diff --git a/circuits/lib_circuits/mux1.circom b/circuits/lib_circuits/mux1.circom
index 2e51228..b595fc3 100644
--- a/circuits/lib_circuits/mux1.circom
+++ b/circuits/lib_circuits/mux1.circom
@@ -16,7 +16,7 @@
     You should have received a copy of the GNU General Public License
     along with circom. If not, see <https://www.gnu.org/licenses/>.
 */
-pragma circom 2.1.9
+pragma circom 2.1.9;
 
 template MultiMux1(n) {
     signal input c[n][2];  // Constants
diff --git a/circuits/lib_circuits/sha256.circom b/circuits/lib_circuits/sha256.circom
index 059dd1a..86d2e46 100644
--- a/circuits/lib_circuits/sha256.circom
+++ b/circuits/lib_circuits/sha256.circom
@@ -1,4 +1,4 @@
-pragma circom 2.1.9
+pragma circom 2.1.9;
 
 include "constants.circom";
 include "sha256compression.circom";
diff --git a/circuits/test/gfmulint/gfmulint.test.ts b/circuits/test/gfmulint/gfmulint.test.ts
index 9e10333..256986c 100644
--- a/circuits/test/gfmulint/gfmulint.test.ts
+++ b/circuits/test/gfmulint/gfmulint.test.ts
@@ -1,7 +1,6 @@
+import { assert } from "chai";
 import { WitnessTester } from "circomkit";
 import { circomkit } from "../common";
-import { assert } from "chai";
-import { parse } from "path";
 
 // input and output type of GFMULInt
 type Arr128 = number[][];
@@ -11,7 +10,7 @@ describe("gfmulint", () => {
 
   before(async () => {
     circuit = await circomkit.WitnessTester("gfmulint", {
-      file: "aes/gfmul_int",
+      file: "aes-gcm/gfmul_int",
       template: "GFMULInt",
     });
     console.log("#constraints:", await circuit.getConstraintCount());
diff --git a/circuits/test/ghash/polyval.test.ts b/circuits/test/ghash/polyval.test.ts
index bf08721..20c3ba0 100644
--- a/circuits/test/ghash/polyval.test.ts
+++ b/circuits/test/ghash/polyval.test.ts
@@ -6,7 +6,7 @@ describe("polyval", () => {
 
   before(async () => {
     circuit = await circomkit.WitnessTester(`polyval`, {
-      file: "aes/polyval",
+      file: "aes-gcm/polyval",
       template: "POLYVAL",
       params: [128],
     });