1 files changed, 21 insertions, 2 deletions

diff --git a/crypto_aead/lilliputaei128v1/ref/cipher.c b/crypto_aead/lilliputaei128v1/ref/cipher.c
index aa51bf8..44d22cb 100644
--- a/crypto_aead/lilliputaei128v1/ref/cipher.c
+++ b/crypto_aead/lilliputaei128v1/ref/cipher.c
@@ -4,6 +4,7 @@
 #include <string.h>
 
 #include "cipher.h"
+#include "constants.h"
 #include "parameters.h"
 #include "tweakey.h"
 
@@ -78,8 +79,26 @@ static void _nonlinear_layer(cipher_state *X, const uint8_t RTK[ROUND_TWEAKEY_BY
 {
     debug_dump_buffer(X->debug, "     Non Linear Layer :", sizeof(X->X), X->X, 10);
     debug_dump_buffer(X->debug, "          Subtweakey :", ROUND_TWEAKEY_BYTES, RTK, 66);
-    debug_dump_buffer(X->debug, "          Variables xored :", ROUND_TWEAKEY_BYTES, RTK, 66);
-    debug_dump_buffer(X->debug, "          Variables sboxed :", ROUND_TWEAKEY_BYTES, RTK, 66);
+
+    uint8_t F[ROUND_TWEAKEY_BYTES];
+    for (size_t j=0; j<sizeof(F); j++)
+    {
+        F[j] = X->X[j] ^ RTK[j];
+    }
+    debug_dump_buffer(X->debug, "          Variables xored :", sizeof(F), F, 66);
+
+    for (size_t j=0; j<sizeof(F); j++)
+    {
+        F[j] = S[F[j]];
+    }
+    debug_dump_buffer(X->debug, "          Variables sboxed :", sizeof(F), F, 66);
+
+    for (size_t j=0; j<8; j++)
+    {
+        size_t dest_j = 15-j;
+        X->X[dest_j] ^= F[j];
+    }
+
     debug_dump_buffer(X->debug, "          State non linearized :", sizeof(X->X), X->X, 10);
 }