module AsconHash where

import Ascon

// 5. Hash and eXtendable-Output Functions (XOFs)

Ascon_Digest : {n} (fin n) => [64] -> [n][64] -> [inf]
Ascon_Digest IV Ms = wordsToBits [head S | S <- iterate Ascon_p`{12} Sn]
    where
    S0 = Ascon_p`{12} [IV, 0, 0, 0, 0]
    Sn = foldl AbsorbBlock S0 Ms

AbsorbBlock : State -> [64] -> State
AbsorbBlock [s0, s1, s2, s3, s4] X = Ascon_p`{12} [X ^ s0, s1, s2, s3, s4]

/// 5.1. Specification of Ascon-Hash256
Ascon_Hash256 : {n} (fin n) => [n] -> [256]
Ascon_Hash256 M = take (Ascon_Digest Ascon_Hash256_IV (toBlocks M))

Ascon_Hash256_IV : [64]
Ascon_Hash256_IV = 0x0000080100cc0002

Ascon_Hash256_bytes : {n} (fin n) => [n][8] -> [32][8]
Ascon_Hash256_bytes M = bitsToWords (Ascon_Hash256 (wordsToBits M))

property
  initial_value_works =
    Ascon_p`{12} ([Ascon_Hash256_IV] # zero)
      ==
      [0x9b1e5494e934d681, 0x4bc3a01e333751d2, 0xae65396c6b34b81a, 0x3c7fd4a4d56a4db3, 0x1a5c464906c5976d]

// 5.2. Specification of Ascon-XOF128

Ascon_XOF128 : {r, n} (fin n, fin r) => [n] -> [r]
Ascon_XOF128 M = take (Ascon_Digest Ascon_XOF128_IV (toBlocks M))

Ascon_XOF128_IV : [64]
Ascon_XOF128_IV = 0x0000080000cc0003

Ascon_XOF128_bytes : {r, n} (fin n, fin r) => [n][8] -> [r][8]
Ascon_XOF128_bytes M = bitsToWords (Ascon_XOF128 (wordsToBits M))

// 5.3. Specification of Ascon-CXOF128

Ascon_CXOF128 : {r, c, n} (fin n, fin r, fin c, 64 >= width c) => [c] -> [n] -> [r]
Ascon_CXOF128 Z M = take (Ascon_Digest Ascon_CXOF128_IV Ms)
  where
    Ms = [`c]
       # toBlocks Z
       # toBlocks M

Ascon_CXOF128_bytes : {r, z, n} (fin n, fin r, 61 >= width z) => [z][8] -> [n][8] -> [r][8]
Ascon_CXOF128_bytes Z M = bitsToWords (Ascon_CXOF128 (wordsToBits Z) (wordsToBits M))

Ascon_CXOF128_IV : [64]
Ascon_CXOF128_IV = 0x0000080000cc0004