keccak_Final step circuit implemented

circuits/keccak256.circom

@@ -97,6 +97,30 @@ template Absorb() {
     }
 }
 
+template Final(nBits) {
+    signal input in[nBits];
+    signal output out[25*64];
+    var blockSize=136*8;
+    var i;
+
+    // pad
+    component pad = Pad(nBits);
+    for (i=0; i<nBits; i++) {
+        pad.in[i] <== in[i];
+    }
+    // absorb
+    component abs = Absorb();
+    for (i=0; i<blockSize; i++) {
+        abs.block[i] <== pad.out[i];
+    }
+    for (i=0; i<25*64; i++) {
+        abs.s[i] <== 0;
+    }
+    for (i=0; i<25*64; i++) {
+        out[i] <== abs.out[i];
+    }
+}
+
 template Keccakf() {
     signal input in[25*64];
     signal output out[25*64];

go-keccak256-bits-impl/keccak_test.go

@@ -170,8 +170,12 @@ func TestFinal(t *testing.T) {
 		b[i] = byte(i)
 	}
 	bBits := bytesToBits(b)
+
 	fBits := final(bBits)
 
+	// printBytes("in", b[:])
+	// printU64Array("out", bitsToU64Array(fBits[:]))
+
 	qt.Assert(t, bitsToU64Array(fBits[:]), qt.DeepEquals,
 		[]uint64{16953415415620100490, 7495738965189503699,
 			12723370805759944158, 3295955328722933810,
@@ -184,4 +188,25 @@ func TestFinal(t *testing.T) {
 			14618962068930014237, 2721742233407503451,
 			12003265593030191290, 8109318293656735684, 6346795302983965746,
 			12210038122000333046})
+
+	// 2nd test
+
+	for i := 0; i < len(b); i++ {
+		b[i] = byte(254)
+	}
+	bBits = bytesToBits(b)
+	fBits = final(bBits)
+
+	// printBytes("in", b[:])
+	// printU64Array("out", bitsToU64Array(fBits[:]))
+	qt.Assert(t, bitsToU64Array(fBits[:]), qt.DeepEquals,
+		[]uint64{16852464862333879129, 9588646233186836430, 693207875935078627,
+			6545910230963382296, 3599194178366828471, 13130606490077331384,
+			10374798023615518933, 7285576075118720444, 4097382401500492461,
+			3968685317688314807, 3350659309646210303, 640023485234837464,
+			2550030127986774041, 8948768022010378840, 10678227883444996205,
+			1395278318096830339, 2744077813166753978, 13362598477502046010,
+			14601579319881128511, 4070707967569603186, 16833768365875755098,
+			1486295134719870048, 9161068934282437999, 8245604251371175619,
+			8421994351908003183})
 }

test/circuits/final_test.circom

@@ -0,0 +1,5 @@
+pragma circom 2.0.0;
+
+include "../../circuits/keccak256.circom";
+
+component main = Final(32*8);

test/keccak256.js

@@ -393,7 +393,6 @@ describe("absorb test", function () {
     this.timeout(100000);
 
     let cir;
-
     before(async () => {
 	// const cir = await wasm_tester(path.join(__dirname, "circuits", "keccakf_test.circom"));
 	cir = await c_tester(path.join(__dirname, "circuits", "absorb_test.circom"));
@@ -439,3 +438,44 @@ describe("absorb test", function () {
 	assert.deepEqual(stateOutU64, expectedOut);
     });
 });
+
+describe("Keccak-Final test", function () {
+    this.timeout(100000);
+
+    let cir;
+    before(async () => {
+	cir = await c_tester(path.join(__dirname, "circuits", "final_test.circom"));
+	await cir.loadConstraints();
+	console.log("n_constraints", cir.constraints.length);
+    });
+
+    it ("Final 1 (testvector generated from go)", async () => {
+	const input = [0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31];
+	const expectedOut = strsToBigInts(["16953415415620100490", "7495738965189503699", "12723370805759944158", "3295955328722933810", "12121371508560456016", "174876831679863147", "15944933357501475584", "7502339663607726274", "12048918224562833898", "16715284461100269102", "15582559130083209842", "1743886467337678829", "2424196198791253761", "1116417308245482383", "10367365997906434042", "1849801549382613906", "13294939539683415102", "4478091053375708790", "2969967870313332958", "14618962068930014237", "2721742233407503451", "12003265593030191290", "8109318293656735684", "6346795302983965746", "12210038122000333046"]);
+
+	const inIn = bytesToBits(input);
+	const expectedOutBits = u64ArrayToBits(expectedOut);
+
+	const witness = await cir.calculateWitness({ "in": inIn }, true);
+
+	const stateOut = witness.slice(1, 1+(25*64));
+	const stateOutU64 = bitsToU64Array(stateOut);
+	// console.log(stateOutU64, expectedOut);
+	assert.deepEqual(stateOutU64, expectedOut);
+    });
+
+    it ("Final 2 (testvector generated from go)", async () => {
+	const input = strsToBigInts(["254", "254", "254", "254", "254", "254", "254", "254", "254", "254", "254", "254", "254", "254", "254", "254", "254", "254", "254", "254", "254", "254", "254", "254", "254", "254", "254", "254", "254", "254", "254", "254"]);
+	const expectedOut = strsToBigInts(["16852464862333879129", "9588646233186836430", "693207875935078627", "6545910230963382296", "3599194178366828471", "13130606490077331384", "10374798023615518933", "7285576075118720444", "4097382401500492461", "3968685317688314807", "3350659309646210303", "640023485234837464", "2550030127986774041", "8948768022010378840", "10678227883444996205", "1395278318096830339", "2744077813166753978", "13362598477502046010", "14601579319881128511", "4070707967569603186", "16833768365875755098", "1486295134719870048", "9161068934282437999", "8245604251371175619", "8421994351908003183"]);
+
+	const inIn = bytesToBits(input);
+	const expectedOutBits = u64ArrayToBits(expectedOut);
+
+	const witness = await cir.calculateWitness({ "in": inIn }, true);
+
+	const stateOut = witness.slice(1, 1+(25*64));
+	const stateOutU64 = bitsToU64Array(stateOut);
+	// console.log(stateOutU64, expectedOut);
+	assert.deepEqual(stateOutU64, expectedOut);
+    });
+});