
  1. pragma circom 2.0.0;
  2. include "constants.circom";
  3. include "sha256compression.circom";
  /*
   * Sha256(nBits): SHA-256 circuit for a message of exactly nBits bits.
   *
   *   in[nBits]   message, one signal per bit
   *   out[256]    digest, copied from out[] of the last compression component
   *
   * Padding is built inside the template: the message bits, a single 1 bit,
   * zero fill, and finally nBits as a 64-bit value whose least significant
   * bit lands in the very last position. Every 512-bit block of the padded
   * message drives one Sha256compression component; the components are
   * chained through hin[] / out[].
   *
   * NOTE(review): nothing in this template constrains in[k] to 0 or 1, and
   * whether Sha256compression enforces that on inp[] cannot be seen from this
   * file. If it does not, the digest is only meaningful when the caller has
   * already constrained every input signal to a bit (for example by taking
   * them from a bit-decomposition template) -- confirm before relying on
   * this circuit for a soundness-critical hash check.
   *
   * The order of the constraint-emitting statements is kept as in the
   * original listing.
   */
  template Sha256(nBits) {
      signal input in[nBits];
      signal output out[256];

      var blk;             // index of the 512-bit block being wired
      var pos;             // bit position inside the current loop
      var word;            // 32-bit word index inside the 256-bit state
      var nBlocks;
      var bitsLastBlock;   // declared but never used in this template

      // Integer division: always leaves room for the 1 bit and the 64-bit
      // length after the message, since nBlocks*512 > nBits + 64.
      nBlocks = ((nBits + 64) \ 512) + 1;

      signal paddedIn[nBlocks*512];

      // Message bits first.
      for (pos = 0; pos < nBits; pos++) {
          paddedIn[pos] <== in[pos];
      }

      // Mandatory 1 bit, then zeros up to the 64-bit length field.
      paddedIn[nBits] <== 1;
      for (pos = nBits + 1; pos < nBlocks*512 - 64; pos++) {
          paddedIn[pos] <== 0;
      }

      // Length field: bit `pos` of nBits is written counting back from the end.
      for (pos = 0; pos < 64; pos++) {
          paddedIn[nBlocks*512 - pos - 1] <== (nBits >> pos) & 1;
      }

      // Components supplying the eight 32-bit words fed to the first block
      // (H is defined in an included file, not shown here).
      component ha0 = H(0);
      component hb0 = H(1);
      component hc0 = H(2);
      component hd0 = H(3);
      component he0 = H(4);
      component hf0 = H(5);
      component hg0 = H(6);
      component hh0 = H(7);

      component sha256compression[nBlocks];

      for (blk = 0; blk < nBlocks; blk++) {
          sha256compression[blk] = Sha256compression();

          if (blk == 0) {
              // First block: chaining input comes straight from H(0..7).
              for (pos = 0; pos < 32; pos++) {
                  sha256compression[blk].hin[0*32 + pos] <== ha0.out[pos];
                  sha256compression[blk].hin[1*32 + pos] <== hb0.out[pos];
                  sha256compression[blk].hin[2*32 + pos] <== hc0.out[pos];
                  sha256compression[blk].hin[3*32 + pos] <== hd0.out[pos];
                  sha256compression[blk].hin[4*32 + pos] <== he0.out[pos];
                  sha256compression[blk].hin[5*32 + pos] <== hf0.out[pos];
                  sha256compression[blk].hin[6*32 + pos] <== hg0.out[pos];
                  sha256compression[blk].hin[7*32 + pos] <== hh0.out[pos];
              }
          } else {
              // Later blocks: feed the previous block's out[] back in, with the
              // bit index mirrored inside each 32-bit word (31 - pos). The bit
              // loop stays outermost so the constraints are emitted in the same
              // order as eight unrolled lines per bit.
              for (pos = 0; pos < 32; pos++) {
                  for (word = 0; word < 8; word++) {
                      sha256compression[blk].hin[32*word + pos] <== sha256compression[blk-1].out[32*word + 31 - pos];
                  }
              }
          }

          // Message block for this compression step.
          for (pos = 0; pos < 512; pos++) {
              sha256compression[blk].inp[pos] <== paddedIn[blk*512 + pos];
          }
      }

      // Digest: out[] of the last block, copied without mirroring.
      for (pos = 0; pos < 256; pos++) {
          out[pos] <== sha256compression[nBlocks-1].out[pos];
      }
  }