3 files changed, 112 insertions, 5 deletions
diff --git a/crypto_aead/lilliputaei128v1/ref/Makefile b/crypto_aead/lilliputaei128v1/ref/Makefile
index 607a15e..f005eee 100644
--- a/crypto_aead/lilliputaei128v1/ref/Makefile
+++ b/crypto_aead/lilliputaei128v1/ref/Makefile
@@ -1,4 +1,4 @@
-tests = test-tweakey test-tbc-encrypt test-tbc-decrypt test-ae-roundtrip
+tests = test-tweakey test-tbc-encrypt test-tbc-decrypt test-ae-roundtrip test-ae-encrypt
 
 nist_flags = -std=c99 -Wall -Wextra -Wshadow -fsanitize=address,undefined -O2
 CFLAGS += -I. $(nist_flags) -Werror
@@ -31,12 +31,14 @@ debug-%:
 	 diff -ru test/$*-ref results/$*-output
 
 
+results/test-ae-encrypt: results/lilliput-ae-i.o results/cipher.o results/tweakey.o results/constants.o | results
 results/test-ae-roundtrip: results/lilliput-ae-i.o results/cipher.o results/tweakey.o results/constants.o | results
 results/test-tbc-decrypt: results/cipher.o results/tweakey.o results/constants.o | results
 results/test-tbc-encrypt: results/cipher.o results/tweakey.o results/constants.o | results
 results/test-tweakey: results/tweakey.o results/constants.o | results
 
 results/test-*.o: test/helpers.h parameters.h
+results/test-ae-encrypt.o: lilliput-ae.h
 results/test-ae-roundtrip.o: lilliput-ae.h
 results/test-tbc-decrypt.o: cipher.h
 results/test-tbc-encrypt.o: cipher.h
@@ -47,9 +49,6 @@ results/constants.o: constants.h
 results/lilliput-ae-i.o: lilliput-ae.h cipher.h constants.h
 results/tweakey.o: tweakey.h constants.h parameters.h debug.h
 
-
-results/lilliput-ae-i.o: CFLAGS += -Wno-unused # FIXME: remove once implemented
-
 # TODO: should add order-only prerequisites to remove mkdirs inside recipes
 # TODO: add valgrind, although it does not seem to play well with ASAN
 # TODO: should use gcc -M... to generate .o -> .h dependencies
diff --git a/crypto_aead/lilliputaei128v1/ref/test/test-ae-encrypt.c b/crypto_aead/lilliputaei128v1/ref/test/test-ae-encrypt.c
new file mode 100644
index 0000000..c3ef461
--- /dev/null
+++ b/crypto_aead/lilliputaei128v1/ref/test/test-ae-encrypt.c
@@ -0,0 +1,108 @@
+#include <stdio.h>
+#include <stdint.h>
+#include <string.h>
+
+#include "lilliput-ae.h"
+
+#include "helpers.h"
+
+
+struct vector
+{
+    char *name;
+    uint8_t key[KEY_BYTES];
+    uint8_t nonce[NONCE_BYTES];
+    size_t auth_len;
+    uint8_t *auth;
+    size_t message_len;
+    uint8_t *message;
+    uint8_t *ciphertext;
+    uint8_t tag[TAG_BYTES];
+};
+
+typedef struct vector vector;
+
+
+const vector VECTORS[] = {
+    {
+        .name = "order",
+        .key = {
+            0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+            0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
+        },
+        .nonce = {
+            0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+            0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e
+        },
+        .auth_len = 64,
+        .auth = (uint8_t[]) {
+            0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+            0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+            0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+            0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+            0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+            0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+            0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+            0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+        },
+        .message_len = 64,
+        .message = (uint8_t[]) {
+            0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+            0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+            0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+            0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+            0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+            0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+            0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+            0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+        },
+        .ciphertext = (uint8_t[]) {
+            0x92, 0xf0, 0xd5, 0x7c, 0x31, 0x0f, 0x73, 0x38,
+            0xbb, 0xc6, 0x11, 0xfb, 0xe7, 0x49, 0xd2, 0xcd,
+            0xae, 0x29, 0x67, 0xeb, 0xcd, 0xca, 0xd1, 0x07,
+            0xf0, 0x2d, 0x2a, 0x14, 0x8e, 0xec, 0x4d, 0xae,
+            0x92, 0xe3, 0x96, 0x65, 0x96, 0x84, 0xe3, 0x8d,
+            0x48, 0x36, 0x0e, 0x11, 0xec, 0xe2, 0x0a, 0x4e,
+            0xe4, 0x3c, 0xc0, 0xb5, 0xf8, 0xe7, 0xb9, 0x7a,
+            0xc1, 0xf4, 0x3b, 0xa7, 0x8b, 0xaa, 0x89, 0xe6
+        },
+        .tag = {
+            0xf3, 0x78, 0x87, 0xc3, 0xb0, 0x4a, 0xe7, 0x10,
+            0x8c, 0x14, 0x67, 0x0b, 0x38, 0x9c, 0xc0, 0x2c
+        }
+    }
+};
+
+
+int main()
+{
+    int diff = 0;
+
+    for (const vector *v=VECTORS; v<ARRAY_END(VECTORS); v++)
+    {
+        uint8_t ciphertext[v->message_len];
+        uint8_t tag[TAG_BYTES];
+
+        lilliput_ae_encrypt(
+            v->message_len, v->message,
+            v->auth_len, v->auth,
+            v->key, v->nonce,
+            ciphertext,
+            tag
+        );
+
+        if (memcmp(ciphertext, v->ciphertext, v->message_len) != 0)
+        {
+            REPORT_DIFFERENCE(v->name, "ciphertext");
+            diff++;
+        }
+
+        if (memcmp(tag, v->tag, TAG_BYTES) != 0)
+        {
+            REPORT_DIFFERENCE(v->name, "tag");
+            diff++;
+        }
+    }
+
+    return diff;
+}
diff --git a/crypto_aead/lilliputaei128v1/ref/test/test-ae-roundtrip.c b/crypto_aead/lilliputaei128v1/ref/test/test-ae-roundtrip.c
index a7bd8ed..c9b2a1c 100644
--- a/crypto_aead/lilliputaei128v1/ref/test/test-ae-roundtrip.c
+++ b/crypto_aead/lilliputaei128v1/ref/test/test-ae-roundtrip.c
@@ -80,7 +80,7 @@ int main()
 
     for (const vector *v=VECTORS; v<ARRAY_END(VECTORS); v++)
     {
-        uint8_t ciphertext[v->message_len+BLOCK_BYTES];
+        uint8_t ciphertext[v->message_len];
         uint8_t tag[TAG_BYTES];
 
         lilliput_ae_encrypt(