Merge pull request #90 from zkemail/fix/update-circom-imports

Update circuit paths + add a new flag

.circleci/config.yml

@@ -3,6 +3,34 @@ orbs:
   node: circleci/[email protected]
   rust: circleci/[email protected]
 jobs:
+  run_circuit_tests:
+    docker:
+      - image: saleel/circom:2.1.6
+    steps:
+      - checkout:
+          path: ~/zk-email-verify
+      - node/install-packages:
+          pkg-manager: yarn
+          app-dir: ~/zk-email-verify
+      - run:
+          command: yarn test
+          name: Run circom tests
+          working_directory: ~/zk-email-verify/packages/circuits
+
+  run_twitter_circuit_tests:
+    docker:
+      - image: saleel/circom:2.1.6
+    steps:
+      - checkout:
+          path: ~/zk-email-verify
+      - node/install-packages:
+          pkg-manager: yarn
+          app-dir: ~/zk-email-verify
+      - run:
+          command: yarn test
+          name: Run circom tests
+          working_directory: ~/zk-email-verify/packages/twitter-verifier-circuits
+
   run_forge_tests:
     docker:
       - image: ghcr.io/foundry-rs/foundry:latest
@@ -62,5 +90,7 @@ jobs:
 workflows:
   build_test:
     jobs:
+      - run_circuit_tests
+      # - run_twitter_circuit_tests      
       - run_unit_and_e2e_tests
       - run_forge_tests

.gitignore

@@ -77,6 +77,8 @@ generate_input_log.txt
 *.env
 .vscode
 
+packages/circuits/tests/compiled-test-circuit/*
+
 
 .vite
 **/.vite

package.json

@@ -22,6 +22,6 @@
     "jest": "^29.5.0",
     "ts-jest": "^29.1.0",
     "ts-node": "^10.9.1",
-    "typescript": "^5.1.3"
+    "typescript": "^5.1.6"
   }
 }

packages/circuits/email-verifier.circom

@@ -1,6 +1,6 @@
 pragma circom 2.1.5;
 
-include "../../node_modules/circomlib/circuits/bitify.circom";
+include "circomlib/circuits/bitify.circom";
 include "./helpers/sha.circom";
 include "./helpers/rsa.circom";
 include "./helpers/base64.circom";
@@ -11,8 +11,9 @@ include "./regexes/body_hash_regex.circom";
 // This is because the number is chunked into k pack_size of n bits each
 // Max header bytes shouldn't need to be changed much per email,
 // but the max mody bytes may need to be changed to be larger if the email has a lot of i.e. HTML formatting
+// ignore_body_hash_check is a flag that allows us to skip the body hash check, for projects that dont care about the body contents
 // TODO: split into header and body
-template EmailVerifier(max_header_bytes, max_body_bytes, n, k) {
+template EmailVerifier(max_header_bytes, max_body_bytes, n, k, ignore_body_hash_check) {
     assert(max_header_bytes % 64 == 0);
     assert(max_body_bytes % 64 == 0);
     assert(n * k > 2048); // constraints for 2048 bit RSA
@@ -60,41 +61,43 @@ template EmailVerifier(max_header_bytes, max_body_bytes, n, k) {
     rsa.signature <== signature;
 
 
-    // BODY HASH REGEX: 617,597 constraints
-    // This extracts the body hash from the header (i.e. the part after bh= within the DKIM-signature section)
-    // which is used to verify the body text matches this signed hash + the signature verifies this hash is legit
-    signal (bh_regex_out, bh_reveal[max_header_bytes]) <== BodyHashRegex(max_header_bytes)(in_padded);
-    bh_regex_out === 1;
-    signal shifted_bh_out[LEN_SHA_B64] <== VarShiftLeft(max_header_bytes, LEN_SHA_B64)(bh_reveal, body_hash_idx);
-    // log(body_hash_regex.out);
+    if (ignore_body_hash_check != 1) {
+        // BODY HASH REGEX: 617,597 constraints
+        // This extracts the body hash from the header (i.e. the part after bh= within the DKIM-signature section)
+        // which is used to verify the body text matches this signed hash + the signature verifies this hash is legit
+        signal (bh_regex_out, bh_reveal[max_header_bytes]) <== BodyHashRegex(max_header_bytes)(in_padded);
+        bh_regex_out === 1;
+        signal shifted_bh_out[LEN_SHA_B64] <== VarShiftLeft(max_header_bytes, LEN_SHA_B64)(bh_reveal, body_hash_idx);
+        // log(body_hash_regex.out);
 
 
-    // SHA BODY: 760,142 constraints
+        // SHA BODY: 760,142 constraints
 
-    // Precomputed sha vars for big body hashing
-    // Next 3 signals are for decreasing SHA constraints for parsing out information from the in-body text
-    // The precomputed_sha value is the Merkle-Damgard state of our SHA hash uptil our first regex match
-    // This allows us to save a ton of SHA constraints by only hashing the relevant part of the body
-    // It doesn't have an impact on security since a user must have known the pre-image of a signed message to be able to fake it
-    // The lower two body signals describe the suffix of the body that we care about
-    // The part before these signals, a significant prefix of the body, has been pre-hashed into precomputed_sha.
-    signal input precomputed_sha[32];
-    signal input in_body_padded[max_body_bytes];
-    signal input in_body_len_padded_bytes;
+        // Precomputed sha vars for big body hashing
+        // Next 3 signals are for decreasing SHA constraints for parsing out information from the in-body text
+        // The precomputed_sha value is the Merkle-Damgard state of our SHA hash uptil our first regex match
+        // This allows us to save a ton of SHA constraints by only hashing the relevant part of the body
+        // It doesn't have an impact on security since a user must have known the pre-image of a signed message to be able to fake it
+        // The lower two body signals describe the suffix of the body that we care about
+        // The part before these signals, a significant prefix of the body, has been pre-hashed into precomputed_sha.
+        signal input precomputed_sha[32];
+        signal input in_body_padded[max_body_bytes];
+        signal input in_body_len_padded_bytes;
 
-    // This verifies that the hash of the body, when calculated from the precomputed part forwards,
-    // actually matches the hash in the header
-    signal sha_body_out[256] <== Sha256BytesPartial(max_body_bytes)(in_body_padded, in_body_len_padded_bytes, precomputed_sha);
-    signal sha_b64_out[32] <== Base64Decode(32)(shifted_bh_out);
+        // This verifies that the hash of the body, when calculated from the precomputed part forwards,
+        // actually matches the hash in the header
+        signal sha_body_out[256] <== Sha256BytesPartial(max_body_bytes)(in_body_padded, in_body_len_padded_bytes, precomputed_sha);
+        signal sha_b64_out[32] <== Base64Decode(32)(shifted_bh_out);
 
-    // When we convert the manually hashed email sha_body into bytes, it matches the
-    // base64 decoding of the final hash state that the signature signs (sha_b64)
-    component sha_body_bytes[32];
-    for (var i = 0; i < 32; i++) {
-        sha_body_bytes[i] = Bits2Num(8);
-        for (var j = 0; j < 8; j++) {
-            sha_body_bytes[i].in[7 - j] <== sha_body_out[i * 8 + j];
+        // When we convert the manually hashed email sha_body into bytes, it matches the
+        // base64 decoding of the final hash state that the signature signs (sha_b64)
+        component sha_body_bytes[32];
+        for (var i = 0; i < 32; i++) {
+            sha_body_bytes[i] = Bits2Num(8);
+            for (var j = 0; j < 8; j++) {
+                sha_body_bytes[i].in[7 - j] <== sha_body_out[i * 8 + j];
+            }
+            sha_body_bytes[i].out === sha_b64_out[i];
         }
-        sha_body_bytes[i].out === sha_b64_out[i];
     }
 }

packages/circuits/helpers/base64.circom

@@ -1,6 +1,6 @@
 pragma circom 2.1.5;
 
-include "../../../node_modules/circomlib/circuits/comparators.circom";
+include "circomlib/circuits/comparators.circom";
 
 // http://0x80.pl/notesen/2016-01-17-sse-base64-decoding.html#vector-lookup-base
 template Base64Lookup() {

packages/circuits/helpers/bigint.circom

@@ -1,8 +1,8 @@
 pragma circom 2.1.5;
 
-include "../../../node_modules/circomlib/circuits/comparators.circom";
-include "../../../node_modules/circomlib/circuits/bitify.circom";
-include "../../../node_modules/circomlib/circuits/gates.circom";
+include "circomlib/circuits/comparators.circom";
+include "circomlib/circuits/bitify.circom";
+include "circomlib/circuits/gates.circom";
 
 include "bigint_func.circom";
 

packages/circuits/helpers/fp.circom

@@ -1,8 +1,8 @@
 pragma circom 2.1.5;
 
-include "../../../node_modules/circomlib/circuits/bitify.circom";
-include "../../../node_modules/circomlib/circuits/comparators.circom";
-include "../../../node_modules/circomlib/circuits/sign.circom";
+include "circomlib/circuits/bitify.circom";
+include "circomlib/circuits/comparators.circom";
+include "circomlib/circuits/sign.circom";
 include "./bigint.circom";
 include "./bigint_func.circom";
 

packages/circuits/helpers/sha.circom

@@ -1,6 +1,6 @@
 pragma circom 2.1.5;
 
-include "../../../node_modules/circomlib/circuits/bitify.circom";
+include "circomlib/circuits/bitify.circom";
 include "./sha256general.circom";
 include "./sha256partial.circom";
 

packages/circuits/helpers/sha256general.circom

@@ -1,8 +1,8 @@
 pragma circom 2.1.5;
 
-include "../../../node_modules/circomlib/circuits/sha256/constants.circom";
-include "../../../node_modules/circomlib/circuits/sha256/sha256compression.circom";
-include "../../../node_modules/circomlib/circuits/comparators.circom";
+include "circomlib/circuits/sha256/constants.circom";
+include "circomlib/circuits/sha256/sha256compression.circom";
+include "circomlib/circuits/comparators.circom";
 include "./utils.circom";
 
 // A modified version of the SHA256 circuit that allows specified length messages up to a max to all work via array indexing on the SHA256 compression circuit.

packages/circuits/helpers/sha256partial.circom

@@ -1,8 +1,8 @@
 pragma circom 2.1.5;
 
-include "../../../node_modules/circomlib/circuits/sha256/constants.circom";
-include "../../../node_modules/circomlib/circuits/sha256/sha256compression.circom";
-include "../../../node_modules/circomlib/circuits/comparators.circom";
+include "circomlib/circuits/sha256/constants.circom";
+include "circomlib/circuits/sha256/sha256compression.circom";
+include "circomlib/circuits/comparators.circom";
 include "./utils.circom";
 
 // Completing the sha256 hash given a pre-computed state and additional data

packages/circuits/helpers/utils.circom

@@ -1,8 +1,8 @@
 pragma circom 2.1.5;
 
-include "../../../node_modules/circomlib/circuits/bitify.circom";
-include "../../../node_modules/circomlib/circuits/comparators.circom";
-include "../../../node_modules/circomlib/circuits/mimcsponge.circom";
+include "circomlib/circuits/bitify.circom";
+include "circomlib/circuits/comparators.circom";
+include "circomlib/circuits/mimcsponge.circom";
 include "./fp.circom";
 
 // returns ceil(log2(a+1))

packages/circuits/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zk-email/circuits",
-  "version": "1.0.0",
+  "version": "1.1.0",
   "scripts": {
     "publish": "yarn npm publish --access=public",
     "test": "jest tests/*.ts"

packages/circuits/regexes/regex_helpers.circom

@@ -1,7 +1,7 @@
 pragma circom 2.1.5;
 
-include "../../../node_modules/circomlib/circuits/comparators.circom";
-include "../../../node_modules/circomlib/circuits/gates.circom";
+include "circomlib/circuits/comparators.circom";
+include "circomlib/circuits/gates.circom";
 
 template MultiOROld(n) {
     signal input in[n];