Add reference implementation verification scripts

ref-verification/aead.saw

@@ -0,0 +1,57 @@
+m <- llvm_load_module "aead.bc";
+
+include "common.saw";
+
+thm_P8 <- mk_P8;
+thm_P12 <- mk_P12;
+
+let verify_aead P_len A_len = do {
+  llvm_verify
+  m "crypto_aead_encrypt"
+  [thm_P12, thm_P8]
+  false
+  do {
+    // Inputs
+
+    let P_type = llvm_array P_len i8;
+    (P, P_ptr) <- fresh_alloc_readonly "P" P_type;
+
+    let A_type = llvm_array A_len i8;
+    (A, A_ptr) <- fresh_alloc_readonly "A" A_type;
+
+    let N_type = llvm_array 16 i8;
+    (N, N_ptr) <- fresh_alloc_readonly "N" N_type;
+
+    let K_type = llvm_array 16 i8;
+    (K, K_ptr) <- fresh_alloc_readonly "K" K_type;
+
+    // Outputs
+
+    let C_len = eval_size {| P_len + 16 |};
+    let C_type = llvm_array C_len i8;
+    C_ptr <- llvm_alloc C_type;
+
+    CLEN_ptr <- llvm_alloc i64;
+
+    llvm_execute_func
+      [ C_ptr, CLEN_ptr
+      , P_ptr, llvm_term {{ `P_len:[64] }}
+      , A_ptr, llvm_term {{ `A_len:[64] }}
+      , llvm_null
+      , N_ptr
+      , K_ptr
+      ];
+
+    llvm_points_to CLEN_ptr (llvm_term {{ `C_len : [64] }});
+    llvm_points_to C_ptr (llvm_term {{ C # T where (C,T) = AEAD128_encrypt_bytes K N A P }});
+    llvm_return (llvm_term {{ 0 : [32] }});
+  }
+  (unint_yices ["Ascon::Ascon_p"]);
+};
+
+verify_aead 0 0;
+verify_aead 0 1;
+verify_aead 1 0;
+verify_aead 10 10;
+verify_aead 20 20;
+verify_aead 33 100;