m <- llvm_load_module "aead.bc";

include "common.saw";

thm_P8 <- mk_P8;
thm_P12 <- mk_P12;

let verify_aead P_len A_len = do {
  llvm_verify
  m "crypto_aead_encrypt"
  [thm_P12, thm_P8]
  false
  do {
    // Inputs

    let P_type = llvm_array P_len i8;
    (P, P_ptr) <- fresh_alloc_readonly "P" P_type;

    let A_type = llvm_array A_len i8;
    (A, A_ptr) <- fresh_alloc_readonly "A" A_type;

    let N_type = llvm_array 16 i8;
    (N, N_ptr) <- fresh_alloc_readonly "N" N_type;

    let K_type = llvm_array 16 i8;
    (K, K_ptr) <- fresh_alloc_readonly "K" K_type;

    // Outputs

    let C_len = eval_size {| P_len + 16 |};
    let C_type = llvm_array C_len i8;
    C_ptr <- llvm_alloc C_type;

    CLEN_ptr <- llvm_alloc i64;

    llvm_execute_func
      [ C_ptr, CLEN_ptr
      , P_ptr, llvm_term {{ `P_len:[64] }}
      , A_ptr, llvm_term {{ `A_len:[64] }}
      , llvm_null
      , N_ptr
      , K_ptr
      ];

    llvm_points_to CLEN_ptr (llvm_term {{ `C_len : [64] }});
    llvm_points_to C_ptr (llvm_term {{ C # T where (C,T) = AEAD128_encrypt_bytes K N A P }});
    llvm_return (llvm_term {{ 0 : [32] }});
  }
  (unint_yices ["Ascon::Ascon_p"]);
};

verify_aead 0 0;
verify_aead 0 1;
verify_aead 1 0;
verify_aead 10 10;
verify_aead 20 20;
verify_aead 33 100;