module AsconCipher where

import Ascon

// 4. Authenticated Encryption Scheme: Ascon-AEAD128
//
// Encryption direction only: returns the p-bit ciphertext followed by the
// 128-bit tag.  No decrypt-and-verify counterpart is defined in this module.
//
// Inputs:  key K (128 bits), nonce N (128 bits), associated data A (a bits),
//          plaintext P (p bits).
// Output:  C # T, where C has p bits and T is the 128-bit tag.
//
// Each 128-bit input is split into two 64-bit halves that are bit-reversed
// before being loaded into the state, and the outputs are bit-reversed back.
// NOTE(review): presumably this converts between the spec's bit-string order
// and the word representation used by the permutation — confirm against the
// convention of `Ascon_p` / `State` in the imported Ascon module.
// Padding of A and P to 128-bit blocks is done by `toBlocks` (imported, not
// visible here); the ciphertext is truncated back to p bits with `take`.
// NOTE(review): as with any AEAD, a (K, N) pair must not be reused under the
// same key; this function has no way to detect that.
Ascon_AEAD128 : {a, p} (fin a, fin p) => [128] -> [128] -> [a] -> [p] -> [p + 128]
Ascon_AEAD128 (Khi_ # Klo_) (Nhi_ # Nlo_) A P = C # reverse T
  where
    Khi = reverse Khi_
    Klo = reverse Klo_
    Nhi = reverse Nhi_
    Nlo = reverse Nlo_
    // Initialization: p^12 over IV || K || N, then K is XORed into the last
    // two state words (indices 3 and 4).
    S0 = Ascon_p`{12} [Ascon_AEAD128_IV, Khi, Klo, Nhi, Nlo] ^ [0, 0, 0, Khi, Klo]
    // Associated-data absorption, including the domain-separation bit (see AddAD).
    SA = AddAD S0 A
    // Plaintext processing.  SCs@i is the state after XORing plaintext block i
    // into words 0 and 1.  The state entering block 0 is SA; the state entering
    // block i+1 is p^8 applied to SCs@i.  The self-reference is well founded
    // because element i+1 depends only on element i.  The number of blocks is
    // fixed by `toBlocks P`.
    SCs = zipWith XorBlock (take ([SA] # map Ascon_p`{8} SCs)) (toBlocks P)
    // Ciphertext: words (s0, s1) of each post-XOR state, bit-reversed back to
    // output order, joined, and truncated to p bits so any padding bits of the
    // last block are dropped.
    C = take (join [reverse s0 # reverse s1 | [s0, s1, _, _, _] <- SCs])
    // Finalization: XOR K into words 2 and 3 of the last state, then p^12.
    ST = Ascon_p`{12} (last SCs ^ [0, 0, Khi, Klo, 0])
    // Tag: `#` binds tighter than `^` in Cryptol's precedence table, so this
    // parses as (ST@4 # ST@3) ^ (Klo # Khi).  The caller receives `reverse T`.
    T = ST@(4:[3]) # ST@(3:[3]) ^ Klo # Khi

// Absorb the associated data.  Empty AD absorbs nothing, but the domain
// separation bit is applied in both cases.  The `a == 0` / `a > 0` numeric
// constraint guards are exhaustive over the length a.
AddAD : {a} (fin a) => State -> [a] -> State
AddAD S A
  | a == 0 => DomainSep S
  | a > 0  => DomainSep (foldl AbsorbBlock S (toBlocks A))

// XOR a 128-bit block into state words 0 and 1, bit-reversing each 64-bit
// half first (same convention as the key/nonce loading above).
XorBlock : State -> [128] -> State
XorBlock [s0, s1, s2, s3, s4] (x0 # x1) = [s0 ^ reverse x0, s1 ^ reverse x1, s2, s3, s4]

// One AD absorption step: XOR the block into the state, then apply p^8.
AbsorbBlock : State -> [128] -> State
AbsorbBlock S X = Ascon_p`{8} (XorBlock S X)

// Domain separation: `0b1 # 0` is a word whose only set bit is its most
// significant one, so this flips the top bit of s4 and leaves s0..s3 alone.
DomainSep : State -> State
DomainSep [s0, s1, s2, s3, s4] = [s0, s1, s2, s3, s4 ^ 0b1 # 0]

// Initialization vector loaded into word 0 of the initial state.
// NOTE(review): should match the Ascon-AEAD128 IV from NIST SP 800-232;
// verify the constant against the specification text.
Ascon_AEAD128_IV : [64]
Ascon_AEAD128_IV = 0x00001000808c0001