module AsconHash256 where

import Ascon

parse : {r, n} (fin n, fin r, 0 < r) => [n] -> ([n/r][r], [n%r])
parse (M_ # Ml) = (split M_, Ml)

pad : {n} (n < 64) => [n] -> [64]
pad M = bs # b # zero
  where
    bs : [n/8*8]
    b_ : [n%8]
    bs # b_ = M
    b : [8]
    b = zext`{8} (0b1 # b_)

/// 5.1. Specification of Ascon-Hash256
Ascon_Hash256 : {n} (fin n) => [n] -> [256]
Ascon_Hash256 M =
    join [LE (head S) | S <- take (iterate Ascon_p`{12} Sn)]
    where
    (M1, M2) = parse M
    M2' = pad M2
    M' = M1 # [pad M2]

    AddBlock [s0, s1, s2, s3, s4] X = Ascon_p`{12} [LE X ^ s0, s1, s2, s3, s4]
    S0 = Ascon_p`{12} [Ascon_Hash256_IV, 0, 0, 0, 0]
    Sn = foldl AddBlock S0 M'

Ascon_Hash256_IV : [64]
Ascon_Hash256_IV = 0x0000080100cc0002