03b0fa91dfb2a04823687048746daaac5305c33e
[openssl.git] / test / poly1305_internal_test.c
1 /*
2  * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the OpenSSL license (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9
10 /* Internal tests for the poly1305 module */
11
12 #include <stdio.h>
13 #include <string.h>
14
15 #include "testutil.h"
16 #include "test_main_custom.h"
17 #include "internal/poly1305.h"
18 #include "../crypto/poly1305/poly1305_local.h"
19 #include "e_os.h"
20
21 typedef struct {
22     size_t size;
23     const unsigned char data[1024];
24 } SIZED_DATA;
25
26 typedef struct {
27     SIZED_DATA input;
28     SIZED_DATA key;
29     SIZED_DATA expected;
30 } TESTDATA;
31
32 /**********************************************************************
33  *
34  * Test of poly1305 internal functions
35  *
36  ***/
37
38 static void benchmark_poly1305()
39 {
40 # ifdef OPENSSL_CPUID_OBJ
41     POLY1305 poly1305;
42     unsigned char key[32];
43     unsigned char buf[8192];
44     unsigned long long stopwatch;
45     unsigned long long OPENSSL_rdtsc();
46     unsigned int i;
47
48     memset (buf,0x55,sizeof(buf));
49     memset (key,0xAA,sizeof(key));
50
51     Poly1305_Init(&poly1305, key);
52
53     for (i=0;i<100000;i++)
54         Poly1305_Update(&poly1305,buf,sizeof(buf));
55
56     stopwatch = OPENSSL_rdtsc();
57     for (i=0;i<10000;i++)
58         Poly1305_Update(&poly1305,buf,sizeof(buf));
59     stopwatch = OPENSSL_rdtsc() - stopwatch;
60
61     printf("%g\n",stopwatch/(double)(i*sizeof(buf)));
62
63     stopwatch = OPENSSL_rdtsc();
64     for (i=0;i<10000;i++) {
65         Poly1305_Init(&poly1305, key);
66         Poly1305_Update(&poly1305,buf,16);
67         Poly1305_Final(&poly1305,buf);
68     }
69     stopwatch = OPENSSL_rdtsc() - stopwatch;
70
71     printf("%g\n",stopwatch/(double)(i));
72 # else
73     fprintf(stderr,
74             "Benchmarking of poly1305 isn't available on this platform\n");
75 # endif
76 }
77
78 static TESTDATA tests[] = {
79     /*
80      * RFC7539
81      */
82     {
83         {
84             34,
85             {
86                 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x67, 0x72,
87                 0x61, 0x70, 0x68, 0x69, 0x63, 0x20, 0x46, 0x6f,
88                 0x72, 0x75, 0x6d, 0x20, 0x52, 0x65, 0x73, 0x65,
89                 0x61, 0x72, 0x63, 0x68, 0x20, 0x47, 0x72, 0x6f,
90
91                 0x75, 0x70
92             }
93         },
94         {
95             32,
96             {
97                 0x85, 0xd6, 0xbe, 0x78, 0x57, 0x55, 0x6d, 0x33,
98                 0x7f, 0x44, 0x52, 0xfe, 0x42, 0xd5, 0x06, 0xa8,
99                 0x01, 0x03, 0x80, 0x8a, 0xfb, 0x0d, 0xb2, 0xfd,
100                 0x4a, 0xbf, 0xf6, 0xaf, 0x41, 0x49, 0xf5, 0x1b
101             }
102         },
103         {
104             16,
105             {
106                 0xa8, 0x06, 0x1d, 0xc1, 0x30, 0x51, 0x36, 0xc6,
107                 0xc2, 0x2b, 0x8b, 0xaf, 0x0c, 0x01, 0x27, 0xa9
108             }
109         }
110     },
111     /*
112      * test vectors from "The Poly1305-AES message-authentication code"
113      */
114     {
115         {
116             2,
117             {
118                 0xf3, 0xf6
119             }
120         },
121         {
122             32,
123             {
124                 0x85, 0x1f, 0xc4, 0x0c, 0x34, 0x67, 0xac, 0x0b,
125                 0xe0, 0x5c, 0xc2, 0x04, 0x04, 0xf3, 0xf7, 0x00,
126                 0x58, 0x0b, 0x3b, 0x0f, 0x94, 0x47, 0xbb, 0x1e,
127                 0x69, 0xd0, 0x95, 0xb5, 0x92, 0x8b, 0x6d, 0xbc
128             }
129         },
130         {
131             16,
132             {
133                 0xf4, 0xc6, 0x33, 0xc3, 0x04, 0x4f, 0xc1, 0x45,
134                 0xf8, 0x4f, 0x33, 0x5c, 0xb8, 0x19, 0x53, 0xde
135             }
136         }
137     },
138     {
139         {
140             0,
141             {
142                 0
143             }
144         },
145         {
146             32,
147             {
148                 0xa0, 0xf3, 0x08, 0x00, 0x00, 0xf4, 0x64, 0x00,
149                 0xd0, 0xc7, 0xe9, 0x07, 0x6c, 0x83, 0x44, 0x03,
150                 0xdd, 0x3f, 0xab, 0x22, 0x51, 0xf1, 0x1a, 0xc7,
151                 0x59, 0xf0, 0x88, 0x71, 0x29, 0xcc, 0x2e, 0xe7
152             }
153         },
154         {
155             16,
156             {
157                 0xdd, 0x3f, 0xab, 0x22, 0x51, 0xf1, 0x1a, 0xc7,
158                 0x59, 0xf0, 0x88, 0x71, 0x29, 0xcc, 0x2e, 0xe7
159             }
160         }
161     },
162     {
163         {
164             32,
165             {
166                 0x66, 0x3c, 0xea, 0x19, 0x0f, 0xfb, 0x83, 0xd8,
167                 0x95, 0x93, 0xf3, 0xf4, 0x76, 0xb6, 0xbc, 0x24,
168                 0xd7, 0xe6, 0x79, 0x10, 0x7e, 0xa2, 0x6a, 0xdb,
169                 0x8c, 0xaf, 0x66, 0x52, 0xd0, 0x65, 0x61, 0x36
170             }
171         },
172         {
173             32,
174             {
175                 0x48, 0x44, 0x3d, 0x0b, 0xb0, 0xd2, 0x11, 0x09,
176                 0xc8, 0x9a, 0x10, 0x0b, 0x5c, 0xe2, 0xc2, 0x08,
177                 0x83, 0x14, 0x9c, 0x69, 0xb5, 0x61, 0xdd, 0x88,
178                 0x29, 0x8a, 0x17, 0x98, 0xb1, 0x07, 0x16, 0xef
179             }
180         },
181         {
182             16,
183             {
184                 0x0e, 0xe1, 0xc1, 0x6b, 0xb7, 0x3f, 0x0f, 0x4f,
185                 0xd1, 0x98, 0x81, 0x75, 0x3c, 0x01, 0xcd, 0xbe
186             }
187         }
188     },
189     {
190         {
191             63,
192             {
193                 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34,
194                 0x27, 0x42, 0xcb, 0xed, 0x37, 0x4d, 0x94, 0xd1,
195                 0x36, 0xc6, 0xb8, 0x79, 0x5d, 0x45, 0xb3, 0x81,
196                 0x98, 0x30, 0xf2, 0xc0, 0x44, 0x91, 0xfa, 0xf0,
197
198                 0x99, 0x0c, 0x62, 0xe4, 0x8b, 0x80, 0x18, 0xb2,
199                 0xc3, 0xe4, 0xa0, 0xfa, 0x31, 0x34, 0xcb, 0x67,
200                 0xfa, 0x83, 0xe1, 0x58, 0xc9, 0x94, 0xd9, 0x61,
201                 0xc4, 0xcb, 0x21, 0x09, 0x5c, 0x1b, 0xf9
202             }
203         },
204         {
205             32,
206             {
207                 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c,
208                 0xe8, 0xa8, 0x24, 0x07, 0xc4, 0xf4, 0x82, 0x07,
209                 0x80, 0xf8, 0xc2, 0x0a, 0xa7, 0x12, 0x02, 0xd1,
210                 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57
211             }
212         },
213         {
214             16,
215             {
216                 0x51, 0x54, 0xad, 0x0d, 0x2c, 0xb2, 0x6e, 0x01,
217                 0x27, 0x4f, 0xc5, 0x11, 0x48, 0x49, 0x1f, 0x1b
218             }
219         },
220     },
221     /*
222      * self-generated vectors exercise "significant" lengths, such that
223      * are handled by different code paths
224      */
225     {
226         {
227             64,
228             {
229                 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34,
230                 0x27, 0x42, 0xcb, 0xed, 0x37, 0x4d, 0x94, 0xd1,
231                 0x36, 0xc6, 0xb8, 0x79, 0x5d, 0x45, 0xb3, 0x81,
232                 0x98, 0x30, 0xf2, 0xc0, 0x44, 0x91, 0xfa, 0xf0,
233
234                 0x99, 0x0c, 0x62, 0xe4, 0x8b, 0x80, 0x18, 0xb2,
235                 0xc3, 0xe4, 0xa0, 0xfa, 0x31, 0x34, 0xcb, 0x67,
236                 0xfa, 0x83, 0xe1, 0x58, 0xc9, 0x94, 0xd9, 0x61,
237                 0xc4, 0xcb, 0x21, 0x09, 0x5c, 0x1b, 0xf9, 0xaf
238             }
239         },
240         {
241             32,
242             {
243                 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c,
244                 0xe8, 0xa8, 0x24, 0x07, 0xc4, 0xf4, 0x82, 0x07,
245                 0x80, 0xf8, 0xc2, 0x0a, 0xa7, 0x12, 0x02, 0xd1,
246                 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57
247             }
248         },
249         {
250             16,
251             {
252                 0x81, 0x20, 0x59, 0xa5, 0xda, 0x19, 0x86, 0x37,
253                 0xca, 0xc7, 0xc4, 0xa6, 0x31, 0xbe, 0xe4, 0x66
254             }
255         },
256     },
257     {
258         {
259             48,
260             {
261                 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34,
262                 0x27, 0x42, 0xcb, 0xed, 0x37, 0x4d, 0x94, 0xd1,
263                 0x36, 0xc6, 0xb8, 0x79, 0x5d, 0x45, 0xb3, 0x81,
264                 0x98, 0x30, 0xf2, 0xc0, 0x44, 0x91, 0xfa, 0xf0,
265
266                 0x99, 0x0c, 0x62, 0xe4, 0x8b, 0x80, 0x18, 0xb2,
267                 0xc3, 0xe4, 0xa0, 0xfa, 0x31, 0x34, 0xcb, 0x67
268             }
269         },
270         {
271             32,
272             {
273                 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c,
274                 0xe8, 0xa8, 0x24, 0x07, 0xc4, 0xf4, 0x82, 0x07,
275                 0x80, 0xf8, 0xc2, 0x0a, 0xa7, 0x12, 0x02, 0xd1,
276                 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57
277
278             }
279         },
280         {
281             16,
282             {
283                 0x5b, 0x88, 0xd7, 0xf6, 0x22, 0x8b, 0x11, 0xe2,
284                 0xe2, 0x85, 0x79, 0xa5, 0xc0, 0xc1, 0xf7, 0x61
285             }
286         },
287     },
288     {
289         {
290             96,
291             {
292                 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34,
293                 0x27, 0x42, 0xcb, 0xed, 0x37, 0x4d, 0x94, 0xd1,
294                 0x36, 0xc6, 0xb8, 0x79, 0x5d, 0x45, 0xb3, 0x81,
295                 0x98, 0x30, 0xf2, 0xc0, 0x44, 0x91, 0xfa, 0xf0,
296
297                 0x99, 0x0c, 0x62, 0xe4, 0x8b, 0x80, 0x18, 0xb2,
298                 0xc3, 0xe4, 0xa0, 0xfa, 0x31, 0x34, 0xcb, 0x67,
299                 0xfa, 0x83, 0xe1, 0x58, 0xc9, 0x94, 0xd9, 0x61,
300                 0xc4, 0xcb, 0x21, 0x09, 0x5c, 0x1b, 0xf9, 0xaf,
301
302                 0x66, 0x3c, 0xea, 0x19, 0x0f, 0xfb, 0x83, 0xd8,
303                 0x95, 0x93, 0xf3, 0xf4, 0x76, 0xb6, 0xbc, 0x24,
304                 0xd7, 0xe6, 0x79, 0x10, 0x7e, 0xa2, 0x6a, 0xdb,
305                 0x8c, 0xaf, 0x66, 0x52, 0xd0, 0x65, 0x61, 0x36
306             }
307         },
308         {
309             32,
310             {
311                 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c,
312                 0xe8, 0xa8, 0x24, 0x07, 0xc4, 0xf4, 0x82, 0x07,
313                 0x80, 0xf8, 0xc2, 0x0a, 0xa7, 0x12, 0x02, 0xd1,
314                 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57
315             }
316         },
317         {
318             16,
319             {
320                 0xbb, 0xb6, 0x13, 0xb2, 0xb6, 0xd7, 0x53, 0xba,
321                 0x07, 0x39, 0x5b, 0x91, 0x6a, 0xae, 0xce, 0x15
322             }
323         },
324     },
325     {
326         {
327             112,
328             {
329                 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34,
330                 0x27, 0x42, 0xcb, 0xed, 0x37, 0x4d, 0x94, 0xd1,
331                 0x36, 0xc6, 0xb8, 0x79, 0x5d, 0x45, 0xb3, 0x81,
332                 0x98, 0x30, 0xf2, 0xc0, 0x44, 0x91, 0xfa, 0xf0,
333
334                 0x99, 0x0c, 0x62, 0xe4, 0x8b, 0x80, 0x18, 0xb2,
335                 0xc3, 0xe4, 0xa0, 0xfa, 0x31, 0x34, 0xcb, 0x67,
336                 0xfa, 0x83, 0xe1, 0x58, 0xc9, 0x94, 0xd9, 0x61,
337                 0xc4, 0xcb, 0x21, 0x09, 0x5c, 0x1b, 0xf9, 0xaf,
338
339                 0x48, 0x44, 0x3d, 0x0b, 0xb0, 0xd2, 0x11, 0x09,
340                 0xc8, 0x9a, 0x10, 0x0b, 0x5c, 0xe2, 0xc2, 0x08,
341                 0x83, 0x14, 0x9c, 0x69, 0xb5, 0x61, 0xdd, 0x88,
342                 0x29, 0x8a, 0x17, 0x98, 0xb1, 0x07, 0x16, 0xef,
343
344                 0x66, 0x3c, 0xea, 0x19, 0x0f, 0xfb, 0x83, 0xd8,
345                 0x95, 0x93, 0xf3, 0xf4, 0x76, 0xb6, 0xbc, 0x24
346             }
347         },
348         {
349             32,
350             {
351                 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c,
352                 0xe8, 0xa8, 0x24, 0x07, 0xc4, 0xf4, 0x82, 0x07,
353                 0x80, 0xf8, 0xc2, 0x0a, 0xa7, 0x12, 0x02, 0xd1,
354                 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57
355             }
356         },
357         {
358             16,
359             {
360                 0xc7, 0x94, 0xd7, 0x05, 0x7d, 0x17, 0x78, 0xc4,
361                 0xbb, 0xee, 0x0a, 0x39, 0xb3, 0xd9, 0x73, 0x42
362             }
363         },
364     },
365     {
366         {
367             128,
368             {
369                 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34,
370                 0x27, 0x42, 0xcb, 0xed, 0x37, 0x4d, 0x94, 0xd1,
371                 0x36, 0xc6, 0xb8, 0x79, 0x5d, 0x45, 0xb3, 0x81,
372                 0x98, 0x30, 0xf2, 0xc0, 0x44, 0x91, 0xfa, 0xf0,
373
374                 0x99, 0x0c, 0x62, 0xe4, 0x8b, 0x80, 0x18, 0xb2,
375                 0xc3, 0xe4, 0xa0, 0xfa, 0x31, 0x34, 0xcb, 0x67,
376                 0xfa, 0x83, 0xe1, 0x58, 0xc9, 0x94, 0xd9, 0x61,
377                 0xc4, 0xcb, 0x21, 0x09, 0x5c, 0x1b, 0xf9, 0xaf,
378
379                 0x48, 0x44, 0x3d, 0x0b, 0xb0, 0xd2, 0x11, 0x09,
380                 0xc8, 0x9a, 0x10, 0x0b, 0x5c, 0xe2, 0xc2, 0x08,
381                 0x83, 0x14, 0x9c, 0x69, 0xb5, 0x61, 0xdd, 0x88,
382                 0x29, 0x8a, 0x17, 0x98, 0xb1, 0x07, 0x16, 0xef,
383
384                 0x66, 0x3c, 0xea, 0x19, 0x0f, 0xfb, 0x83, 0xd8,
385                 0x95, 0x93, 0xf3, 0xf4, 0x76, 0xb6, 0xbc, 0x24,
386                 0xd7, 0xe6, 0x79, 0x10, 0x7e, 0xa2, 0x6a, 0xdb,
387                 0x8c, 0xaf, 0x66, 0x52, 0xd0, 0x65, 0x61, 0x36
388             }
389         },
390         {
391             32,
392             {
393                 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c,
394                 0xe8, 0xa8, 0x24, 0x07, 0xc4, 0xf4, 0x82, 0x07,
395                 0x80, 0xf8, 0xc2, 0x0a, 0xa7, 0x12, 0x02, 0xd1,
396                 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57
397             }
398         },
399         {
400             16,
401             {
402                 0xff, 0xbc, 0xb9, 0xb3, 0x71, 0x42, 0x31, 0x52,
403                 0xd7, 0xfc, 0xa5, 0xad, 0x04, 0x2f, 0xba, 0xa9
404             }
405         },
406     },
407     {
408         {
409             144,
410             {
411                 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34,
412                 0x27, 0x42, 0xcb, 0xed, 0x37, 0x4d, 0x94, 0xd1,
413                 0x36, 0xc6, 0xb8, 0x79, 0x5d, 0x45, 0xb3, 0x81,
414                 0x98, 0x30, 0xf2, 0xc0, 0x44, 0x91, 0xfa, 0xf0,
415
416                 0x99, 0x0c, 0x62, 0xe4, 0x8b, 0x80, 0x18, 0xb2,
417                 0xc3, 0xe4, 0xa0, 0xfa, 0x31, 0x34, 0xcb, 0x67,
418                 0xfa, 0x83, 0xe1, 0x58, 0xc9, 0x94, 0xd9, 0x61,
419                 0xc4, 0xcb, 0x21, 0x09, 0x5c, 0x1b, 0xf9, 0xaf,
420
421                 0x48, 0x44, 0x3d, 0x0b, 0xb0, 0xd2, 0x11, 0x09,
422                 0xc8, 0x9a, 0x10, 0x0b, 0x5c, 0xe2, 0xc2, 0x08,
423                 0x83, 0x14, 0x9c, 0x69, 0xb5, 0x61, 0xdd, 0x88,
424                 0x29, 0x8a, 0x17, 0x98, 0xb1, 0x07, 0x16, 0xef,
425
426                 0x66, 0x3c, 0xea, 0x19, 0x0f, 0xfb, 0x83, 0xd8,
427                 0x95, 0x93, 0xf3, 0xf4, 0x76, 0xb6, 0xbc, 0x24,
428                 0xd7, 0xe6, 0x79, 0x10, 0x7e, 0xa2, 0x6a, 0xdb,
429                 0x8c, 0xaf, 0x66, 0x52, 0xd0, 0x65, 0x61, 0x36,
430
431                 0x81, 0x20, 0x59, 0xa5, 0xda, 0x19, 0x86, 0x37,
432                 0xca, 0xc7, 0xc4, 0xa6, 0x31, 0xbe, 0xe4, 0x66
433             }
434         },
435         {
436             32,
437             {
438                 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c,
439                 0xe8, 0xa8, 0x24, 0x07, 0xc4, 0xf4, 0x82, 0x07,
440                 0x80, 0xf8, 0xc2, 0x0a, 0xa7, 0x12, 0x02, 0xd1,
441                 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57
442             }
443         },
444         {
445             16,
446             {
447                 0x06, 0x9e, 0xd6, 0xb8, 0xef, 0x0f, 0x20, 0x7b,
448                 0x3e, 0x24, 0x3b, 0xb1, 0x01, 0x9f, 0xe6, 0x32
449             }
450         },
451     },
452     {
453         {
454             160,
455             {
456                 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34,
457                 0x27, 0x42, 0xcb, 0xed, 0x37, 0x4d, 0x94, 0xd1,
458                 0x36, 0xc6, 0xb8, 0x79, 0x5d, 0x45, 0xb3, 0x81,
459                 0x98, 0x30, 0xf2, 0xc0, 0x44, 0x91, 0xfa, 0xf0,
460
461                 0x99, 0x0c, 0x62, 0xe4, 0x8b, 0x80, 0x18, 0xb2,
462                 0xc3, 0xe4, 0xa0, 0xfa, 0x31, 0x34, 0xcb, 0x67,
463                 0xfa, 0x83, 0xe1, 0x58, 0xc9, 0x94, 0xd9, 0x61,
464                 0xc4, 0xcb, 0x21, 0x09, 0x5c, 0x1b, 0xf9, 0xaf,
465
466                 0x48, 0x44, 0x3d, 0x0b, 0xb0, 0xd2, 0x11, 0x09,
467                 0xc8, 0x9a, 0x10, 0x0b, 0x5c, 0xe2, 0xc2, 0x08,
468                 0x83, 0x14, 0x9c, 0x69, 0xb5, 0x61, 0xdd, 0x88,
469                 0x29, 0x8a, 0x17, 0x98, 0xb1, 0x07, 0x16, 0xef,
470
471                 0x66, 0x3c, 0xea, 0x19, 0x0f, 0xfb, 0x83, 0xd8,
472                 0x95, 0x93, 0xf3, 0xf4, 0x76, 0xb6, 0xbc, 0x24,
473                 0xd7, 0xe6, 0x79, 0x10, 0x7e, 0xa2, 0x6a, 0xdb,
474                 0x8c, 0xaf, 0x66, 0x52, 0xd0, 0x65, 0x61, 0x36,
475
476                 0x81, 0x20, 0x59, 0xa5, 0xda, 0x19, 0x86, 0x37,
477                 0xca, 0xc7, 0xc4, 0xa6, 0x31, 0xbe, 0xe4, 0x66,
478                 0x5b, 0x88, 0xd7, 0xf6, 0x22, 0x8b, 0x11, 0xe2,
479                 0xe2, 0x85, 0x79, 0xa5, 0xc0, 0xc1, 0xf7, 0x61
480             }
481         },
482         {
483             32,
484             {
485                 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c,
486                 0xe8, 0xa8, 0x24, 0x07, 0xc4, 0xf4, 0x82, 0x07,
487                 0x80, 0xf8, 0xc2, 0x0a, 0xa7, 0x12, 0x02, 0xd1,
488                 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57
489             }
490         },
491         {
492             16,
493             {
494                 0xcc, 0xa3, 0x39, 0xd9, 0xa4, 0x5f, 0xa2, 0x36,
495                 0x8c, 0x2c, 0x68, 0xb3, 0xa4, 0x17, 0x91, 0x33
496             }
497         },
498     },
499     {
500         {
501             288,
502             {
503                 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34,
504                 0x27, 0x42, 0xcb, 0xed, 0x37, 0x4d, 0x94, 0xd1,
505                 0x36, 0xc6, 0xb8, 0x79, 0x5d, 0x45, 0xb3, 0x81,
506                 0x98, 0x30, 0xf2, 0xc0, 0x44, 0x91, 0xfa, 0xf0,
507
508                 0x99, 0x0c, 0x62, 0xe4, 0x8b, 0x80, 0x18, 0xb2,
509                 0xc3, 0xe4, 0xa0, 0xfa, 0x31, 0x34, 0xcb, 0x67,
510                 0xfa, 0x83, 0xe1, 0x58, 0xc9, 0x94, 0xd9, 0x61,
511                 0xc4, 0xcb, 0x21, 0x09, 0x5c, 0x1b, 0xf9, 0xaf,
512
513                 0x48, 0x44, 0x3d, 0x0b, 0xb0, 0xd2, 0x11, 0x09,
514                 0xc8, 0x9a, 0x10, 0x0b, 0x5c, 0xe2, 0xc2, 0x08,
515                 0x83, 0x14, 0x9c, 0x69, 0xb5, 0x61, 0xdd, 0x88,
516                 0x29, 0x8a, 0x17, 0x98, 0xb1, 0x07, 0x16, 0xef,
517
518                 0x66, 0x3c, 0xea, 0x19, 0x0f, 0xfb, 0x83, 0xd8,
519                 0x95, 0x93, 0xf3, 0xf4, 0x76, 0xb6, 0xbc, 0x24,
520                 0xd7, 0xe6, 0x79, 0x10, 0x7e, 0xa2, 0x6a, 0xdb,
521                 0x8c, 0xaf, 0x66, 0x52, 0xd0, 0x65, 0x61, 0x36,
522
523                 0x81, 0x20, 0x59, 0xa5, 0xda, 0x19, 0x86, 0x37,
524                 0xca, 0xc7, 0xc4, 0xa6, 0x31, 0xbe, 0xe4, 0x66,
525                 0x5b, 0x88, 0xd7, 0xf6, 0x22, 0x8b, 0x11, 0xe2,
526                 0xe2, 0x85, 0x79, 0xa5, 0xc0, 0xc1, 0xf7, 0x61,
527
528                 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34,
529                 0x27, 0x42, 0xcb, 0xed, 0x37, 0x4d, 0x94, 0xd1,
530                 0x36, 0xc6, 0xb8, 0x79, 0x5d, 0x45, 0xb3, 0x81,
531                 0x98, 0x30, 0xf2, 0xc0, 0x44, 0x91, 0xfa, 0xf0,
532
533                 0x99, 0x0c, 0x62, 0xe4, 0x8b, 0x80, 0x18, 0xb2,
534                 0xc3, 0xe4, 0xa0, 0xfa, 0x31, 0x34, 0xcb, 0x67,
535                 0xfa, 0x83, 0xe1, 0x58, 0xc9, 0x94, 0xd9, 0x61,
536                 0xc4, 0xcb, 0x21, 0x09, 0x5c, 0x1b, 0xf9, 0xaf,
537
538                 0x48, 0x44, 0x3d, 0x0b, 0xb0, 0xd2, 0x11, 0x09,
539                 0xc8, 0x9a, 0x10, 0x0b, 0x5c, 0xe2, 0xc2, 0x08,
540                 0x83, 0x14, 0x9c, 0x69, 0xb5, 0x61, 0xdd, 0x88,
541                 0x29, 0x8a, 0x17, 0x98, 0xb1, 0x07, 0x16, 0xef,
542
543                 0x66, 0x3c, 0xea, 0x19, 0x0f, 0xfb, 0x83, 0xd8,
544                 0x95, 0x93, 0xf3, 0xf4, 0x76, 0xb6, 0xbc, 0x24,
545                 0xd7, 0xe6, 0x79, 0x10, 0x7e, 0xa2, 0x6a, 0xdb,
546                 0x8c, 0xaf, 0x66, 0x52, 0xd0, 0x65, 0x61, 0x36
547             }
548         },
549         {
550             32,
551             {
552                 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c,
553                 0xe8, 0xa8, 0x24, 0x07, 0xc4, 0xf4, 0x82, 0x07,
554                 0x80, 0xf8, 0xc2, 0x0a, 0xa7, 0x12, 0x02, 0xd1,
555                 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57
556             }
557         },
558         {
559             16,
560             {
561                 0x53, 0xf6, 0xe8, 0x28, 0xa2, 0xf0, 0xfe, 0x0e,
562                 0xe8, 0x15, 0xbf, 0x0b, 0xd5, 0x84, 0x1a, 0x34
563             }
564         },
565     },
566     {
567         {
568             320,
569             {
570                 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34,
571                 0x27, 0x42, 0xcb, 0xed, 0x37, 0x4d, 0x94, 0xd1,
572                 0x36, 0xc6, 0xb8, 0x79, 0x5d, 0x45, 0xb3, 0x81,
573                 0x98, 0x30, 0xf2, 0xc0, 0x44, 0x91, 0xfa, 0xf0,
574
575                 0x99, 0x0c, 0x62, 0xe4, 0x8b, 0x80, 0x18, 0xb2,
576                 0xc3, 0xe4, 0xa0, 0xfa, 0x31, 0x34, 0xcb, 0x67,
577                 0xfa, 0x83, 0xe1, 0x58, 0xc9, 0x94, 0xd9, 0x61,
578                 0xc4, 0xcb, 0x21, 0x09, 0x5c, 0x1b, 0xf9, 0xaf,
579
580                 0x48, 0x44, 0x3d, 0x0b, 0xb0, 0xd2, 0x11, 0x09,
581                 0xc8, 0x9a, 0x10, 0x0b, 0x5c, 0xe2, 0xc2, 0x08,
582                 0x83, 0x14, 0x9c, 0x69, 0xb5, 0x61, 0xdd, 0x88,
583                 0x29, 0x8a, 0x17, 0x98, 0xb1, 0x07, 0x16, 0xef,
584
585                 0x66, 0x3c, 0xea, 0x19, 0x0f, 0xfb, 0x83, 0xd8,
586                 0x95, 0x93, 0xf3, 0xf4, 0x76, 0xb6, 0xbc, 0x24,
587                 0xd7, 0xe6, 0x79, 0x10, 0x7e, 0xa2, 0x6a, 0xdb,
588                 0x8c, 0xaf, 0x66, 0x52, 0xd0, 0x65, 0x61, 0x36,
589
590                 0x81, 0x20, 0x59, 0xa5, 0xda, 0x19, 0x86, 0x37,
591                 0xca, 0xc7, 0xc4, 0xa6, 0x31, 0xbe, 0xe4, 0x66,
592                 0x5b, 0x88, 0xd7, 0xf6, 0x22, 0x8b, 0x11, 0xe2,
593                 0xe2, 0x85, 0x79, 0xa5, 0xc0, 0xc1, 0xf7, 0x61,
594
595                 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34,
596                 0x27, 0x42, 0xcb, 0xed, 0x37, 0x4d, 0x94, 0xd1,
597                 0x36, 0xc6, 0xb8, 0x79, 0x5d, 0x45, 0xb3, 0x81,
598                 0x98, 0x30, 0xf2, 0xc0, 0x44, 0x91, 0xfa, 0xf0,
599
600                 0x99, 0x0c, 0x62, 0xe4, 0x8b, 0x80, 0x18, 0xb2,
601                 0xc3, 0xe4, 0xa0, 0xfa, 0x31, 0x34, 0xcb, 0x67,
602                 0xfa, 0x83, 0xe1, 0x58, 0xc9, 0x94, 0xd9, 0x61,
603                 0xc4, 0xcb, 0x21, 0x09, 0x5c, 0x1b, 0xf9, 0xaf,
604
605                 0x48, 0x44, 0x3d, 0x0b, 0xb0, 0xd2, 0x11, 0x09,
606                 0xc8, 0x9a, 0x10, 0x0b, 0x5c, 0xe2, 0xc2, 0x08,
607                 0x83, 0x14, 0x9c, 0x69, 0xb5, 0x61, 0xdd, 0x88,
608                 0x29, 0x8a, 0x17, 0x98, 0xb1, 0x07, 0x16, 0xef,
609
610                 0x66, 0x3c, 0xea, 0x19, 0x0f, 0xfb, 0x83, 0xd8,
611                 0x95, 0x93, 0xf3, 0xf4, 0x76, 0xb6, 0xbc, 0x24,
612                 0xd7, 0xe6, 0x79, 0x10, 0x7e, 0xa2, 0x6a, 0xdb,
613                 0x8c, 0xaf, 0x66, 0x52, 0xd0, 0x65, 0x61, 0x36,
614
615                 0x81, 0x20, 0x59, 0xa5, 0xda, 0x19, 0x86, 0x37,
616                 0xca, 0xc7, 0xc4, 0xa6, 0x31, 0xbe, 0xe4, 0x66,
617                 0x5b, 0x88, 0xd7, 0xf6, 0x22, 0x8b, 0x11, 0xe2,
618                 0xe2, 0x85, 0x79, 0xa5, 0xc0, 0xc1, 0xf7, 0x61
619             }
620         },
621         {
622             32,
623             {
624                 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c,
625                 0xe8, 0xa8, 0x24, 0x07, 0xc4, 0xf4, 0x82, 0x07,
626                 0x80, 0xf8, 0xc2, 0x0a, 0xa7, 0x12, 0x02, 0xd1,
627                 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57
628             }
629         },
630         {
631             16,
632             {
633                 0xb8, 0x46, 0xd4, 0x4e, 0x9b, 0xbd, 0x53, 0xce,
634                 0xdf, 0xfb, 0xfb, 0xb6, 0xb7, 0xfa, 0x49, 0x33
635             }
636         },
637     },
638     /*
639      * 4th power of the key spills to 131th bit in SIMD key setup
640      */
641     {
642         {
643             256,
644             {
645                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
646                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
647                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
648                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
649
650                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
651                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
652                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
653                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
654
655                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
656                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
657                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
658                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
659
660                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
661                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
662                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
663                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
664
665                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
666                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
667                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
668                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
669
670                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
671                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
672                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
673                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
674
675                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
676                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
677                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
678                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
679
680                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
681                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
682                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
683                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
684             }
685         },
686         {
687             32,
688             {
689                 0xad, 0x62, 0x81, 0x07, 0xe8, 0x35, 0x1d, 0x0f,
690                 0x2c, 0x23, 0x1a, 0x05, 0xdc, 0x4a, 0x41, 0x06,
691                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
692                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
693             }
694         },
695         {
696             16,
697             {
698                 0x07, 0x14, 0x5a, 0x4c, 0x02, 0xfe, 0x5f, 0xa3,
699                 0x20, 0x36, 0xde, 0x68, 0xfa, 0xbe, 0x90, 0x66
700             }
701         },
702     },
703     /*
704      * poly1305_ieee754.c failed this in final stage
705      */
706     {
707         {
708             252,
709             {
710                 0x84, 0x23, 0x64, 0xe1, 0x56, 0x33, 0x6c, 0x09,
711                 0x98, 0xb9, 0x33, 0xa6, 0x23, 0x77, 0x26, 0x18,
712                 0x0d, 0x9e, 0x3f, 0xdc, 0xbd, 0xe4, 0xcd, 0x5d,
713                 0x17, 0x08, 0x0f, 0xc3, 0xbe, 0xb4, 0x96, 0x14,
714
715                 0xd7, 0x12, 0x2c, 0x03, 0x74, 0x63, 0xff, 0x10,
716                 0x4d, 0x73, 0xf1, 0x9c, 0x12, 0x70, 0x46, 0x28,
717                 0xd4, 0x17, 0xc4, 0xc5, 0x4a, 0x3f, 0xe3, 0x0d,
718                 0x3c, 0x3d, 0x77, 0x14, 0x38, 0x2d, 0x43, 0xb0,
719
720                 0x38, 0x2a, 0x50, 0xa5, 0xde, 0xe5, 0x4b, 0xe8,
721                 0x44, 0xb0, 0x76, 0xe8, 0xdf, 0x88, 0x20, 0x1a,
722                 0x1c, 0xd4, 0x3b, 0x90, 0xeb, 0x21, 0x64, 0x3f,
723                 0xa9, 0x6f, 0x39, 0xb5, 0x18, 0xaa, 0x83, 0x40,
724
725                 0xc9, 0x42, 0xff, 0x3c, 0x31, 0xba, 0xf7, 0xc9,
726                 0xbd, 0xbf, 0x0f, 0x31, 0xae, 0x3f, 0xa0, 0x96,
727                 0xbf, 0x8c, 0x63, 0x03, 0x06, 0x09, 0x82, 0x9f,
728                 0xe7, 0x2e, 0x17, 0x98, 0x24, 0x89, 0x0b, 0xc8,
729
730                 0xe0, 0x8c, 0x31, 0x5c, 0x1c, 0xce, 0x2a, 0x83,
731                 0x14, 0x4d, 0xbb, 0xff, 0x09, 0xf7, 0x4e, 0x3e,
732                 0xfc, 0x77, 0x0b, 0x54, 0xd0, 0x98, 0x4a, 0x8f,
733                 0x19, 0xb1, 0x47, 0x19, 0xe6, 0x36, 0x35, 0x64,
734
735                 0x1d, 0x6b, 0x1e, 0xed, 0xf6, 0x3e, 0xfb, 0xf0,
736                 0x80, 0xe1, 0x78, 0x3d, 0x32, 0x44, 0x54, 0x12,
737                 0x11, 0x4c, 0x20, 0xde, 0x0b, 0x83, 0x7a, 0x0d,
738                 0xfa, 0x33, 0xd6, 0xb8, 0x28, 0x25, 0xff, 0xf4,
739
740                 0x4c, 0x9a, 0x70, 0xea, 0x54, 0xce, 0x47, 0xf0,
741                 0x7d, 0xf6, 0x98, 0xe6, 0xb0, 0x33, 0x23, 0xb5,
742                 0x30, 0x79, 0x36, 0x4a, 0x5f, 0xc3, 0xe9, 0xdd,
743                 0x03, 0x43, 0x92, 0xbd, 0xde, 0x86, 0xdc, 0xcd,
744
745                 0xda, 0x94, 0x32, 0x1c, 0x5e, 0x44, 0x06, 0x04,
746                 0x89, 0x33, 0x6c, 0xb6, 0x5b, 0xf3, 0x98, 0x9c,
747                 0x36, 0xf7, 0x28, 0x2c, 0x2f, 0x5d, 0x2b, 0x88,
748                 0x2c, 0x17, 0x1e, 0x74
749             }
750         },
751         {
752             32,
753             {
754                 0x95, 0xd5, 0xc0, 0x05, 0x50, 0x3e, 0x51, 0x0d,
755                 0x8c, 0xd0, 0xaa, 0x07, 0x2c, 0x4a, 0x4d, 0x06,
756                 0x6e, 0xab, 0xc5, 0x2d, 0x11, 0x65, 0x3d, 0xf4,
757                 0x7f, 0xbf, 0x63, 0xab, 0x19, 0x8b, 0xcc, 0x26
758             }
759         },
760         {
761             16,
762             {
763                 0xf2, 0x48, 0x31, 0x2e, 0x57, 0x8d, 0x9d, 0x58,
764                 0xf8, 0xb7, 0xbb, 0x4d, 0x19, 0x10, 0x54, 0x31
765             }
766         },
767     },
768     /*
769      * AVX2 in poly1305-x86.pl failed this with 176+32 split
770      */
771     {
772         {
773             208,
774             {
775                 0x24, 0x8a, 0xc3, 0x10, 0x85, 0xb6, 0xc2, 0xad,
776                 0xaa, 0xa3, 0x82, 0x59, 0xa0, 0xd7, 0x19, 0x2c,
777                 0x5c, 0x35, 0xd1, 0xbb, 0x4e, 0xf3, 0x9a, 0xd9,
778                 0x4c, 0x38, 0xd1, 0xc8, 0x24, 0x79, 0xe2, 0xdd,
779
780                 0x21, 0x59, 0xa0, 0x77, 0x02, 0x4b, 0x05, 0x89,
781                 0xbc, 0x8a, 0x20, 0x10, 0x1b, 0x50, 0x6f, 0x0a,
782                 0x1a, 0xd0, 0xbb, 0xab, 0x76, 0xe8, 0x3a, 0x83,
783                 0xf1, 0xb9, 0x4b, 0xe6, 0xbe, 0xae, 0x74, 0xe8,
784
785                 0x74, 0xca, 0xb6, 0x92, 0xc5, 0x96, 0x3a, 0x75,
786                 0x43, 0x6b, 0x77, 0x61, 0x21, 0xec, 0x9f, 0x62,
787                 0x39, 0x9a, 0x3e, 0x66, 0xb2, 0xd2, 0x27, 0x07,
788                 0xda, 0xe8, 0x19, 0x33, 0xb6, 0x27, 0x7f, 0x3c,
789
790                 0x85, 0x16, 0xbc, 0xbe, 0x26, 0xdb, 0xbd, 0x86,
791                 0xf3, 0x73, 0x10, 0x3d, 0x7c, 0xf4, 0xca, 0xd1,
792                 0x88, 0x8c, 0x95, 0x21, 0x18, 0xfb, 0xfb, 0xd0,
793                 0xd7, 0xb4, 0xbe, 0xdc, 0x4a, 0xe4, 0x93, 0x6a,
794
795                 0xff, 0x91, 0x15, 0x7e, 0x7a, 0xa4, 0x7c, 0x54,
796                 0x44, 0x2e, 0xa7, 0x8d, 0x6a, 0xc2, 0x51, 0xd3,
797                 0x24, 0xa0, 0xfb, 0xe4, 0x9d, 0x89, 0xcc, 0x35,
798                 0x21, 0xb6, 0x6d, 0x16, 0xe9, 0xc6, 0x6a, 0x37,
799
800                 0x09, 0x89, 0x4e, 0x4e, 0xb0, 0xa4, 0xee, 0xdc,
801                 0x4a, 0xe1, 0x94, 0x68, 0xe6, 0x6b, 0x81, 0xf2,
802
803                 0x71, 0x35, 0x1b, 0x1d, 0x92, 0x1e, 0xa5, 0x51,
804                 0x04, 0x7a, 0xbc, 0xc6, 0xb8, 0x7a, 0x90, 0x1f,
805                 0xde, 0x7d, 0xb7, 0x9f, 0xa1, 0x81, 0x8c, 0x11,
806                 0x33, 0x6d, 0xbc, 0x07, 0x24, 0x4a, 0x40, 0xeb
807             }
808         },
809         {
810             32,
811             {
812                 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
813                 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
814                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
815                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
816             }
817         },
818         {
819             16,
820             {
821                 0xbc, 0x93, 0x9b, 0xc5, 0x28, 0x14, 0x80, 0xfa,
822                 0x99, 0xc6, 0xd6, 0x8c, 0x25, 0x8e, 0xc4, 0x2f
823             }
824         },
825     },
826     /*
827      * test vectors from Google
828      */
829     {
830         {
831             0,
832             {
833                 0x00,
834             }
835         },
836         {
837             32,
838             {
839                 0xc8, 0xaf, 0xaa, 0xc3, 0x31, 0xee, 0x37, 0x2c,
840                 0xd6, 0x08, 0x2d, 0xe1, 0x34, 0x94, 0x3b, 0x17,
841                 0x47, 0x10, 0x13, 0x0e, 0x9f, 0x6f, 0xea, 0x8d,
842                 0x72, 0x29, 0x38, 0x50, 0xa6, 0x67, 0xd8, 0x6c
843             }
844         },
845         {
846             16,
847             {
848                 0x47, 0x10, 0x13, 0x0e, 0x9f, 0x6f, 0xea, 0x8d,
849                 0x72, 0x29, 0x38, 0x50, 0xa6, 0x67, 0xd8, 0x6c
850             }
851         },
852     },
853     {
854         {
855             12,
856             {
857                 0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f,
858                 0x72, 0x6c, 0x64, 0x21
859             }
860         },
861         {
862             32,
863             {
864                 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
865                 0x33, 0x32, 0x2d, 0x62, 0x79, 0x74, 0x65, 0x20,
866                 0x6b, 0x65, 0x79, 0x20, 0x66, 0x6f, 0x72, 0x20,
867                 0x50, 0x6f, 0x6c, 0x79, 0x31, 0x33, 0x30, 0x35
868             }
869         },
870         {
871             16,
872             {
873                 0xa6, 0xf7, 0x45, 0x00, 0x8f, 0x81, 0xc9, 0x16,
874                 0xa2, 0x0d, 0xcc, 0x74, 0xee, 0xf2, 0xb2, 0xf0
875             }
876         },
877     },
878     {
879         {
880             32,
881             {
882                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
883                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
884                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
885                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
886             }
887         },
888         {
889             32,
890             {
891                 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
892                 0x33, 0x32, 0x2d, 0x62, 0x79, 0x74, 0x65, 0x20,
893                 0x6b, 0x65, 0x79, 0x20, 0x66, 0x6f, 0x72, 0x20,
894                 0x50, 0x6f, 0x6c, 0x79, 0x31, 0x33, 0x30, 0x35
895             }
896         },
897         {
898             16,
899             {
900                 0x49, 0xec, 0x78, 0x09, 0x0e, 0x48, 0x1e, 0xc6,
901                 0xc2, 0x6b, 0x33, 0xb9, 0x1c, 0xcc, 0x03, 0x07
902             }
903         },
904     },
905     {
906         {
907             128,
908             {
909                 0x89, 0xda, 0xb8, 0x0b, 0x77, 0x17, 0xc1, 0xdb,
910                 0x5d, 0xb4, 0x37, 0x86, 0x0a, 0x3f, 0x70, 0x21,
911                 0x8e, 0x93, 0xe1, 0xb8, 0xf4, 0x61, 0xfb, 0x67,
912                 0x7f, 0x16, 0xf3, 0x5f, 0x6f, 0x87, 0xe2, 0xa9,
913
914                 0x1c, 0x99, 0xbc, 0x3a, 0x47, 0xac, 0xe4, 0x76,
915                 0x40, 0xcc, 0x95, 0xc3, 0x45, 0xbe, 0x5e, 0xcc,
916                 0xa5, 0xa3, 0x52, 0x3c, 0x35, 0xcc, 0x01, 0x89,
917                 0x3a, 0xf0, 0xb6, 0x4a, 0x62, 0x03, 0x34, 0x27,
918
919                 0x03, 0x72, 0xec, 0x12, 0x48, 0x2d, 0x1b, 0x1e,
920                 0x36, 0x35, 0x61, 0x69, 0x8a, 0x57, 0x8b, 0x35,
921                 0x98, 0x03, 0x49, 0x5b, 0xb4, 0xe2, 0xef, 0x19,
922                 0x30, 0xb1, 0x7a, 0x51, 0x90, 0xb5, 0x80, 0xf1,
923
924                 0x41, 0x30, 0x0d, 0xf3, 0x0a, 0xdb, 0xec, 0xa2,
925                 0x8f, 0x64, 0x27, 0xa8, 0xbc, 0x1a, 0x99, 0x9f,
926                 0xd5, 0x1c, 0x55, 0x4a, 0x01, 0x7d, 0x09, 0x5d,
927                 0x8c, 0x3e, 0x31, 0x27, 0xda, 0xf9, 0xf5, 0x95
928             }
929         },
930         {
931             32,
932             {
933                 0x2d, 0x77, 0x3b, 0xe3, 0x7a, 0xdb, 0x1e, 0x4d,
934                 0x68, 0x3b, 0xf0, 0x07, 0x5e, 0x79, 0xc4, 0xee,
935                 0x03, 0x79, 0x18, 0x53, 0x5a, 0x7f, 0x99, 0xcc,
936                 0xb7, 0x04, 0x0f, 0xb5, 0xf5, 0xf4, 0x3a, 0xea
937             }
938         },
939         {
940             16,
941             {
942                 0xc8, 0x5d, 0x15, 0xed, 0x44, 0xc3, 0x78, 0xd6,
943                 0xb0, 0x0e, 0x23, 0x06, 0x4c, 0x7b, 0xcd, 0x51
944             }
945         },
946     },
947     {
948         {
949             528,
950             {
951                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b,
952                 0x17, 0x03, 0x03, 0x02, 0x00, 0x00, 0x00, 0x00,
953
954                 0x06, 0xdb, 0x1f, 0x1f, 0x36, 0x8d, 0x69, 0x6a,
955                 0x81, 0x0a, 0x34, 0x9c, 0x0c, 0x71, 0x4c, 0x9a,
956                 0x5e, 0x78, 0x50, 0xc2, 0x40, 0x7d, 0x72, 0x1a,
957                 0xcd, 0xed, 0x95, 0xe0, 0x18, 0xd7, 0xa8, 0x52,
958
959                 0x66, 0xa6, 0xe1, 0x28, 0x9c, 0xdb, 0x4a, 0xeb,
960                 0x18, 0xda, 0x5a, 0xc8, 0xa2, 0xb0, 0x02, 0x6d,
961                 0x24, 0xa5, 0x9a, 0xd4, 0x85, 0x22, 0x7f, 0x3e,
962                 0xae, 0xdb, 0xb2, 0xe7, 0xe3, 0x5e, 0x1c, 0x66,
963
964                 0xcd, 0x60, 0xf9, 0xab, 0xf7, 0x16, 0xdc, 0xc9,
965                 0xac, 0x42, 0x68, 0x2d, 0xd7, 0xda, 0xb2, 0x87,
966                 0xa7, 0x02, 0x4c, 0x4e, 0xef, 0xc3, 0x21, 0xcc,
967                 0x05, 0x74, 0xe1, 0x67, 0x93, 0xe3, 0x7c, 0xec,
968
969                 0x03, 0xc5, 0xbd, 0xa4, 0x2b, 0x54, 0xc1, 0x14,
970                 0xa8, 0x0b, 0x57, 0xaf, 0x26, 0x41, 0x6c, 0x7b,
971                 0xe7, 0x42, 0x00, 0x5e, 0x20, 0x85, 0x5c, 0x73,
972                 0xe2, 0x1d, 0xc8, 0xe2, 0xed, 0xc9, 0xd4, 0x35,
973
974                 0xcb, 0x6f, 0x60, 0x59, 0x28, 0x00, 0x11, 0xc2,
975                 0x70, 0xb7, 0x15, 0x70, 0x05, 0x1c, 0x1c, 0x9b,
976                 0x30, 0x52, 0x12, 0x66, 0x20, 0xbc, 0x1e, 0x27,
977                 0x30, 0xfa, 0x06, 0x6c, 0x7a, 0x50, 0x9d, 0x53,
978
979                 0xc6, 0x0e, 0x5a, 0xe1, 0xb4, 0x0a, 0xa6, 0xe3,
980                 0x9e, 0x49, 0x66, 0x92, 0x28, 0xc9, 0x0e, 0xec,
981                 0xb4, 0xa5, 0x0d, 0xb3, 0x2a, 0x50, 0xbc, 0x49,
982                 0xe9, 0x0b, 0x4f, 0x4b, 0x35, 0x9a, 0x1d, 0xfd,
983
984                 0x11, 0x74, 0x9c, 0xd3, 0x86, 0x7f, 0xcf, 0x2f,
985                 0xb7, 0xbb, 0x6c, 0xd4, 0x73, 0x8f, 0x6a, 0x4a,
986                 0xd6, 0xf7, 0xca, 0x50, 0x58, 0xf7, 0x61, 0x88,
987                 0x45, 0xaf, 0x9f, 0x02, 0x0f, 0x6c, 0x3b, 0x96,
988
989                 0x7b, 0x8f, 0x4c, 0xd4, 0xa9, 0x1e, 0x28, 0x13,
990                 0xb5, 0x07, 0xae, 0x66, 0xf2, 0xd3, 0x5c, 0x18,
991                 0x28, 0x4f, 0x72, 0x92, 0x18, 0x60, 0x62, 0xe1,
992                 0x0f, 0xd5, 0x51, 0x0d, 0x18, 0x77, 0x53, 0x51,
993
994                 0xef, 0x33, 0x4e, 0x76, 0x34, 0xab, 0x47, 0x43,
995                 0xf5, 0xb6, 0x8f, 0x49, 0xad, 0xca, 0xb3, 0x84,
996                 0xd3, 0xfd, 0x75, 0xf7, 0x39, 0x0f, 0x40, 0x06,
997                 0xef, 0x2a, 0x29, 0x5c, 0x8c, 0x7a, 0x07, 0x6a,
998
999                 0xd5, 0x45, 0x46, 0xcd, 0x25, 0xd2, 0x10, 0x7f,
1000                 0xbe, 0x14, 0x36, 0xc8, 0x40, 0x92, 0x4a, 0xae,
1001                 0xbe, 0x5b, 0x37, 0x08, 0x93, 0xcd, 0x63, 0xd1,
1002                 0x32, 0x5b, 0x86, 0x16, 0xfc, 0x48, 0x10, 0x88,
1003
1004                 0x6b, 0xc1, 0x52, 0xc5, 0x32, 0x21, 0xb6, 0xdf,
1005                 0x37, 0x31, 0x19, 0x39, 0x32, 0x55, 0xee, 0x72,
1006                 0xbc, 0xaa, 0x88, 0x01, 0x74, 0xf1, 0x71, 0x7f,
1007                 0x91, 0x84, 0xfa, 0x91, 0x64, 0x6f, 0x17, 0xa2,
1008
1009                 0x4a, 0xc5, 0x5d, 0x16, 0xbf, 0xdd, 0xca, 0x95,
1010                 0x81, 0xa9, 0x2e, 0xda, 0x47, 0x92, 0x01, 0xf0,
1011                 0xed, 0xbf, 0x63, 0x36, 0x00, 0xd6, 0x06, 0x6d,
1012                 0x1a, 0xb3, 0x6d, 0x5d, 0x24, 0x15, 0xd7, 0x13,
1013
1014                 0x51, 0xbb, 0xcd, 0x60, 0x8a, 0x25, 0x10, 0x8d,
1015                 0x25, 0x64, 0x19, 0x92, 0xc1, 0xf2, 0x6c, 0x53,
1016                 0x1c, 0xf9, 0xf9, 0x02, 0x03, 0xbc, 0x4c, 0xc1,
1017                 0x9f, 0x59, 0x27, 0xd8, 0x34, 0xb0, 0xa4, 0x71,
1018
1019                 0x16, 0xd3, 0x88, 0x4b, 0xbb, 0x16, 0x4b, 0x8e,
1020                 0xc8, 0x83, 0xd1, 0xac, 0x83, 0x2e, 0x56, 0xb3,
1021                 0x91, 0x8a, 0x98, 0x60, 0x1a, 0x08, 0xd1, 0x71,
1022                 0x88, 0x15, 0x41, 0xd5, 0x94, 0xdb, 0x39, 0x9c,
1023
1024                 0x6a, 0xe6, 0x15, 0x12, 0x21, 0x74, 0x5a, 0xec,
1025                 0x81, 0x4c, 0x45, 0xb0, 0xb0, 0x5b, 0x56, 0x54,
1026                 0x36, 0xfd, 0x6f, 0x13, 0x7a, 0xa1, 0x0a, 0x0c,
1027                 0x0b, 0x64, 0x37, 0x61, 0xdb, 0xd6, 0xf9, 0xa9,
1028
1029                 0xdc, 0xb9, 0x9b, 0x1a, 0x6e, 0x69, 0x08, 0x54,
1030                 0xce, 0x07, 0x69, 0xcd, 0xe3, 0x97, 0x61, 0xd8,
1031                 0x2f, 0xcd, 0xec, 0x15, 0xf0, 0xd9, 0x2d, 0x7d,
1032                 0x8e, 0x94, 0xad, 0xe8, 0xeb, 0x83, 0xfb, 0xe0
1033             }
1034         },
1035         {
1036             32,
1037             {
1038                 0x99, 0xe5, 0x82, 0x2d, 0xd4, 0x17, 0x3c, 0x99,
1039                 0x5e, 0x3d, 0xae, 0x0d, 0xde, 0xfb, 0x97, 0x74,
1040                 0x3f, 0xde, 0x3b, 0x08, 0x01, 0x34, 0xb3, 0x9f,
1041                 0x76, 0xe9, 0xbf, 0x8d, 0x0e, 0x88, 0xd5, 0x46
1042             }
1043         },
1044         {
1045             16,
1046             {
1047                 0x26, 0x37, 0x40, 0x8f, 0xe1, 0x30, 0x86, 0xea,
1048                 0x73, 0xf9, 0x71, 0xe3, 0x42, 0x5e, 0x28, 0x20
1049             }
1050         },
1051     },
1052     /*
1053      * test vectors from Hanno Böck
1054      */
1055     {
1056         {
1057             257,
1058             {
1059                 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc,
1060                 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc,
1061                 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc,
1062                 0xcc, 0x80, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc,
1063
1064                 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc,
1065                 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc,
1066                 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc,
1067                 0xcc, 0xcc, 0xcc, 0xcc, 0xce, 0xcc, 0xcc, 0xcc,
1068
1069                 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc,
1070                 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xc5,
1071                 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc,
1072                 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc,
1073
1074                 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xe3, 0xcc, 0xcc,
1075                 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc,
1076                 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc,
1077                 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc,
1078
1079                 0xcc, 0xcc, 0xcc, 0xcc, 0xac, 0xcc, 0xcc, 0xcc,
1080                 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xe6,
1081                 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x00, 0x00, 0x00,
1082                 0xaf, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc,
1083
1084                 0xcc, 0xcc, 0xff, 0xff, 0xff, 0xf5, 0x00, 0x00,
1085                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1086                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1087                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1088
1089                 0x00, 0xff, 0xff, 0xff, 0xe7, 0x00, 0x00, 0x00,
1090                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1091                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1092                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1093
1094                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1095                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1096                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1097                 0x00, 0x00, 0x71, 0x92, 0x05, 0xa8, 0x52, 0x1d,
1098
1099                 0xfc
1100             }
1101         },
1102         {
1103             32,
1104             {
1105                 0x7f, 0x1b, 0x02, 0x64, 0x00, 0x00, 0x00, 0x00,
1106                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1107                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1108                 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc
1109             }
1110         },
1111         {
1112             16,
1113             {
1114                 0x85, 0x59, 0xb8, 0x76, 0xec, 0xee, 0xd6, 0x6e,
1115                 0xb3, 0x77, 0x98, 0xc0, 0x45, 0x7b, 0xaf, 0xf9
1116             }
1117         },
1118     },
1119     {
1120         {
1121             39,
1122             {
1123                 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1124                 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1125                 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1126                 0xaa, 0xaa, 0xaa, 0x00, 0x00, 0x00, 0x00, 0x00,
1127
1128                 0x00, 0x00, 0x00, 0x00, 0x80, 0x02, 0x64
1129             }
1130         },
1131         {
1132             32,
1133             {
1134                 0xe0, 0x00, 0x16, 0x00, 0x00, 0x00, 0x00, 0x00,
1135                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1136                 0x00, 0x00, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1137                 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
1138             }
1139         },
1140         {
1141             16,
1142             {
1143                 0x00, 0xbd, 0x12, 0x58, 0x97, 0x8e, 0x20, 0x54,
1144                 0x44, 0xc9, 0xaa, 0xaa, 0x82, 0x00, 0x6f, 0xed
1145             }
1146         },
1147     },
1148     {
1149         {
1150             2,
1151             {
1152                 0x02, 0xfc
1153             }
1154         },
1155         {
1156             32,
1157             {
1158                 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
1159                 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
1160                 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
1161                 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c
1162             }
1163         },
1164         {
1165             16,
1166             {
1167                 0x06, 0x12, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
1168                 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c
1169             }
1170         },
1171     },
1172     {
1173         {
1174             415,
1175             {
1176                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b,
1177                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b,
1178                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b,
1179                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b,
1180
1181                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7a, 0x7b,
1182                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b,
1183                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b,
1184                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b,
1185
1186                 0x7b, 0x7b, 0x5c, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b,
1187                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b,
1188                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b,
1189                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b,
1190
1191                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b,
1192                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b,
1193                 0x7b, 0x7b, 0x7b, 0x7b, 0x6e, 0x7b, 0x00, 0x7b,
1194                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b,
1195
1196                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b,
1197                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b,
1198                 0x7b, 0x7b, 0x7b, 0x7a, 0x7b, 0x7b, 0x7b, 0x7b,
1199                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b,
1200
1201                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b,
1202                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x5c,
1203                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b,
1204                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b,
1205
1206                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b,
1207                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b,
1208                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b,
1209                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b,
1210
1211                 0x7b, 0x6e, 0x7b, 0x00, 0x13, 0x00, 0x00, 0x00,
1212                 0x00, 0xb3, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1213                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1214                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1215
1216                 0xf2, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1217                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1218                 0x00, 0x00, 0x00, 0x20, 0x00, 0xef, 0xff, 0x00,
1219                 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1220
1221                 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00,
1222                 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x64, 0x00,
1223                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1224                 0x00, 0x00, 0x00, 0x13, 0x00, 0x00, 0x00, 0x00,
1225
1226                 0xb3, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1227                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1228                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xf2,
1229                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1230
1231                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1232                 0x00, 0x00, 0x20, 0x00, 0xef, 0xff, 0x00, 0x09,
1233                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1234                 0x00, 0x7a, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
1235
1236                 0x00, 0x09, 0x00, 0x00, 0x00, 0x64, 0x00, 0x00,
1237                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1238                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1239                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc
1240             }
1241         },
1242         {
1243             32,
1244             {
1245                 0x00, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1246                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1247                 0x00, 0x00, 0x00, 0x00, 0x00, 0x1e, 0x00, 0x00,
1248                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b, 0x7b
1249             }
1250         },
1251         {
1252             16,
1253             {
1254                 0x33, 0x20, 0x5b, 0xbf, 0x9e, 0x9f, 0x8f, 0x72,
1255                 0x12, 0xab, 0x9e, 0x2a, 0xb9, 0xb7, 0xe4, 0xa5
1256             }
1257         },
1258     },
1259     {
1260         {
1261             118,
1262             {
1263                 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77,
1264                 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77,
1265                 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77,
1266                 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77,
1267
1268                 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77,
1269                 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77,
1270                 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77,
1271                 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77,
1272
1273                 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77,
1274                 0x77, 0x77, 0x77, 0x77, 0xff, 0xff, 0xff, 0xe9,
1275                 0xe9, 0xac, 0xac, 0xac, 0xac, 0xac, 0xac, 0xac,
1276                 0xac, 0xac, 0xac, 0xac, 0x00, 0x00, 0xac, 0xac,
1277
1278                 0xec, 0x01, 0x00, 0xac, 0xac, 0xac, 0x2c, 0xac,
1279                 0xa2, 0xac, 0xac, 0xac, 0xac, 0xac, 0xac, 0xac,
1280                 0xac, 0xac, 0xac, 0xac, 0x64, 0xf2
1281             }
1282         },
1283         {
1284             32,
1285             {
1286                 0x00, 0x00, 0x00, 0x7f, 0x00, 0x00, 0x00, 0x7f,
1287                 0x01, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00,
1288                 0x00, 0x00, 0xcf, 0x77, 0x77, 0x77, 0x77, 0x77,
1289                 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77
1290             }
1291         },
1292         {
1293             16,
1294             {
1295                 0x02, 0xee, 0x7c, 0x8c, 0x54, 0x6d, 0xde, 0xb1,
1296                 0xa4, 0x67, 0xe4, 0xc3, 0x98, 0x11, 0x58, 0xb9
1297             }
1298         },
1299     },
1300     /*
1301      * test vectors from Andrew Moon
1302      */
1303     { /* nacl */
1304         {
1305             131,
1306             {
1307                 0x8e, 0x99, 0x3b, 0x9f, 0x48, 0x68, 0x12, 0x73,
1308                 0xc2, 0x96, 0x50, 0xba, 0x32, 0xfc, 0x76, 0xce,
1309                 0x48, 0x33, 0x2e, 0xa7, 0x16, 0x4d, 0x96, 0xa4,
1310                 0x47, 0x6f, 0xb8, 0xc5, 0x31, 0xa1, 0x18, 0x6a,
1311
1312                 0xc0, 0xdf, 0xc1, 0x7c, 0x98, 0xdc, 0xe8, 0x7b,
1313                 0x4d, 0xa7, 0xf0, 0x11, 0xec, 0x48, 0xc9, 0x72,
1314                 0x71, 0xd2, 0xc2, 0x0f, 0x9b, 0x92, 0x8f, 0xe2,
1315                 0x27, 0x0d, 0x6f, 0xb8, 0x63, 0xd5, 0x17, 0x38,
1316
1317                 0xb4, 0x8e, 0xee, 0xe3, 0x14, 0xa7, 0xcc, 0x8a,
1318                 0xb9, 0x32, 0x16, 0x45, 0x48, 0xe5, 0x26, 0xae,
1319                 0x90, 0x22, 0x43, 0x68, 0x51, 0x7a, 0xcf, 0xea,
1320                 0xbd, 0x6b, 0xb3, 0x73, 0x2b, 0xc0, 0xe9, 0xda,
1321
1322                 0x99, 0x83, 0x2b, 0x61, 0xca, 0x01, 0xb6, 0xde,
1323                 0x56, 0x24, 0x4a, 0x9e, 0x88, 0xd5, 0xf9, 0xb3,
1324                 0x79, 0x73, 0xf6, 0x22, 0xa4, 0x3d, 0x14, 0xa6,
1325                 0x59, 0x9b, 0x1f, 0x65, 0x4c, 0xb4, 0x5a, 0x74,
1326
1327                 0xe3, 0x55, 0xa5
1328             }
1329         },
1330         {
1331             32,
1332             {
1333                 0xee, 0xa6, 0xa7, 0x25, 0x1c, 0x1e, 0x72, 0x91,
1334                 0x6d, 0x11, 0xc2, 0xcb, 0x21, 0x4d, 0x3c, 0x25,
1335                 0x25, 0x39, 0x12, 0x1d, 0x8e, 0x23, 0x4e, 0x65,
1336                 0x2d, 0x65, 0x1f, 0xa4, 0xc8, 0xcf, 0xf8, 0x80
1337             }
1338         },
1339         {
1340             16,
1341             {
1342                 0xf3, 0xff, 0xc7, 0x70, 0x3f, 0x94, 0x00, 0xe5,
1343                 0x2a, 0x7d, 0xfb, 0x4b, 0x3d, 0x33, 0x05, 0xd9
1344             }
1345         },
1346     },
1347     { /* wrap 2^130-5 */
1348         {
1349             16,
1350             {
1351                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1352                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
1353             }
1354         },
1355         {
1356             32,
1357             {
1358                 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1359                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1360                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1361                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1362             }
1363         },
1364         {
1365             16,
1366             {
1367                 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1368                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1369             }
1370         },
1371     },
1372     { /* wrap 2^128 */
1373         {
1374             16,
1375             {
1376                 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1377                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1378             }
1379         },
1380         {
1381             32,
1382             {
1383                 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1384                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1385                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1386                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
1387             }
1388         },
1389         {
1390             16,
1391             {
1392                 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1393                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1394             }
1395         },
1396     },
1397     { /* limb carry */
1398         {
1399             48,
1400             {
1401                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1402                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1403                 0xf0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1404                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1405
1406                 0x11, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1407                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1408             }
1409         },
1410         {
1411             32,
1412             {
1413                 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1414                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1415                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1416                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1417             }
1418         },
1419         {
1420             16,
1421             {
1422                 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1423                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1424             }
1425         },
1426     },
1427     { /* 2^130-5 */
1428         {
1429             48,
1430             {
1431                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1432                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1433                 0xfb, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe,
1434                 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe,
1435
1436                 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
1437                 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01
1438             }
1439         },
1440         {
1441             32,
1442             {
1443                 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1444                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1445                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1446                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1447             }
1448         },
1449         {
1450             16,
1451             {
1452                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1453                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1454
1455             }
1456         },
1457     },
1458     { /* 2^130-6 */
1459         {
1460             16,
1461             {
1462                 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1463                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
1464             }
1465         },
1466         {
1467             32,
1468             {
1469                 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1470                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1471                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1472                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1473             }
1474         },
1475         {
1476             16,
1477             {
1478                 0xfa, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1479                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
1480             }
1481         },
1482     },
1483     { /* 5*H+L reduction intermediate */
1484         {
1485             64,
1486             {
1487                 0xe3, 0x35, 0x94, 0xd7, 0x50, 0x5e, 0x43, 0xb9,
1488                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1489                 0x33, 0x94, 0xd7, 0x50, 0x5e, 0x43, 0x79, 0xcd,
1490                 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1491
1492                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1493                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1494                 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1495                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1496             }
1497         },
1498         {
1499             32,
1500             {
1501                 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1502                 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1503                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1504                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1505             }
1506         },
1507         {
1508             16,
1509             {
1510                 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1511                 0x55, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1512             }
1513         },
1514     },
1515     { /* 5*H+L reduction final */
1516         {
1517             48,
1518             {
1519                 0xe3, 0x35, 0x94, 0xd7, 0x50, 0x5e, 0x43, 0xb9,
1520                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1521                 0x33, 0x94, 0xd7, 0x50, 0x5e, 0x43, 0x79, 0xcd,
1522                 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1523
1524                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1525                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1526
1527             }
1528         },
1529         {
1530             32,
1531             {
1532                 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1533                 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1534                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1535                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1536             }
1537         },
1538         {
1539             16,
1540             {
1541                 0x13, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1542                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1543             }
1544         }
1545     }
1546 };
1547
1548 static int test_poly1305(int idx)
1549 {
1550     POLY1305 poly1305;
1551     const TESTDATA test = tests[idx];
1552     const unsigned char *in = test.input.data;
1553     size_t inlen = test.input.size;
1554     const unsigned char *key = test.key.data;
1555     const unsigned char *expected = test.expected.data;
1556     size_t expectedlen = test.expected.size;
1557     unsigned char out[16];
1558
1559     if (!TEST_size_t_eq(expectedlen, sizeof(out)))
1560         return 0;
1561
1562     Poly1305_Init(&poly1305, key);
1563     Poly1305_Update(&poly1305, in, inlen);
1564     Poly1305_Final(&poly1305, out);
1565
1566     if (!TEST_mem_eq(out, expectedlen, expected, expectedlen)) {
1567         TEST_info("Poly1305 test #%d failed.", idx);
1568         return 0;
1569     }
1570
1571     if (inlen > 16) {
1572         Poly1305_Init(&poly1305, key);
1573         Poly1305_Update(&poly1305, in, 1);
1574         Poly1305_Update(&poly1305, in+1, inlen-1);
1575         Poly1305_Final(&poly1305, out);
1576
1577         if (!TEST_mem_eq(out, expectedlen, expected, expectedlen)) {
1578             TEST_info("Poly1305 test #%d/1+(N-1) failed.", idx);
1579             return 0;
1580         }
1581     }
1582
1583     if (inlen > 32) {
1584         size_t half = inlen / 2;
1585
1586         Poly1305_Init(&poly1305, key);
1587         Poly1305_Update(&poly1305, in, half);
1588         Poly1305_Update(&poly1305, in+half, inlen-half);
1589         Poly1305_Final(&poly1305, out);
1590
1591         if (!TEST_mem_eq(out, expectedlen, expected, expectedlen)) {
1592             TEST_info("Poly1305 test #%d/2 failed.", idx);
1593             return 0;
1594         }
1595
1596         for (half = 16; half < inlen; half += 16) {
1597             Poly1305_Init(&poly1305, key);
1598             Poly1305_Update(&poly1305, in, half);
1599             Poly1305_Update(&poly1305, in+half, inlen-half);
1600             Poly1305_Final(&poly1305, out);
1601
1602             if (!TEST_mem_eq(out, expectedlen, expected, expectedlen)) {
1603                 TEST_info("Poly1305 test #%d/%" OSSLzu "+%" OSSLzu " failed.",
1604                           idx, half, inlen-half);
1605                 return 0;
1606             }
1607         }
1608     }
1609
1610     return 1;
1611 }
1612
1613 int test_main(int argc, char **argv)
1614 {
1615     int result = 0;
1616     int iter_argv;
1617     int benchmark = 0;
1618
1619     for (iter_argv = 1; iter_argv < argc; iter_argv++) {
1620         if (strcmp(argv[iter_argv], "-b") == 0)
1621             benchmark = 1;
1622         else if (strcmp(argv[iter_argv], "-h") == 0)
1623             goto help;
1624     }
1625
1626     ADD_ALL_TESTS(test_poly1305, OSSL_NELEM(tests));
1627
1628     result = run_tests(argv[0]);
1629
1630     if (benchmark)
1631         benchmark_poly1305();
1632
1633     return result;
1634
1635  help:
1636     printf("-h\tThis help\n");
1637     printf("-b\tBenchmark in addition to the tests\n");
1638
1639     return 0;
1640 }