17746baed435cb63222d5b9b01adb4a433d7ecde
[openssl.git] / test / poly1305_internal_test.c
1 /*
2  * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the OpenSSL license (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9
10 /* Internal tests for the poly1305 module */
11
12 #include <stdio.h>
13 #include <string.h>
14
15 #include "testutil.h"
16 #include "internal/poly1305.h"
17 #include "../crypto/poly1305/poly1305_local.h"
18 #include "e_os.h"
19
20 typedef struct {
21     size_t size;
22     const unsigned char data[1024];
23 } SIZED_DATA;
24
25 typedef struct {
26     SIZED_DATA input;
27     SIZED_DATA key;
28     SIZED_DATA expected;
29 } TESTDATA;
30
31 /**********************************************************************
32  *
33  * Test of poly1305 internal functions
34  *
35  ***/
36
37 /* TODO : hex decoder / encoder should be implemented in testutil.c */
38 static void hexdump(const unsigned char *a, size_t len)
39 {
40     size_t i;
41
42     for (i = 0; i < len; i++)
43         fprintf(stderr, "%02x", a[i]);
44 }
45
46 static void benchmark_poly1305()
47 {
48 # ifdef OPENSSL_CPUID_OBJ
49     POLY1305 poly1305;
50     unsigned char key[32];
51     unsigned char buf[8192];
52     unsigned long long stopwatch;
53     unsigned long long OPENSSL_rdtsc();
54     unsigned int i;
55
56     memset (buf,0x55,sizeof(buf));
57     memset (key,0xAA,sizeof(key));
58
59     Poly1305_Init(&poly1305, key);
60
61     for (i=0;i<100000;i++)
62         Poly1305_Update(&poly1305,buf,sizeof(buf));
63
64     stopwatch = OPENSSL_rdtsc();
65     for (i=0;i<10000;i++)
66         Poly1305_Update(&poly1305,buf,sizeof(buf));
67     stopwatch = OPENSSL_rdtsc() - stopwatch;
68
69     printf("%g\n",stopwatch/(double)(i*sizeof(buf)));
70
71     stopwatch = OPENSSL_rdtsc();
72     for (i=0;i<10000;i++) {
73         Poly1305_Init(&poly1305, key);
74         Poly1305_Update(&poly1305,buf,16);
75         Poly1305_Final(&poly1305,buf);
76     }
77     stopwatch = OPENSSL_rdtsc() - stopwatch;
78
79     printf("%g\n",stopwatch/(double)(i));
80 # else
81     fprintf(stderr,
82             "Benchmarking of poly1305 isn't available on this platform\n");
83 # endif
84 }
85
86 static TESTDATA tests[] = {
87     /*
88      * RFC7539
89      */
90     {
91         {
92             34,
93             {
94                 0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x67, 0x72,
95                 0x61, 0x70, 0x68, 0x69, 0x63, 0x20, 0x46, 0x6f,
96                 0x72, 0x75, 0x6d, 0x20, 0x52, 0x65, 0x73, 0x65,
97                 0x61, 0x72, 0x63, 0x68, 0x20, 0x47, 0x72, 0x6f,
98
99                 0x75, 0x70
100             }
101         },
102         {
103             32,
104             {
105                 0x85, 0xd6, 0xbe, 0x78, 0x57, 0x55, 0x6d, 0x33,
106                 0x7f, 0x44, 0x52, 0xfe, 0x42, 0xd5, 0x06, 0xa8,
107                 0x01, 0x03, 0x80, 0x8a, 0xfb, 0x0d, 0xb2, 0xfd,
108                 0x4a, 0xbf, 0xf6, 0xaf, 0x41, 0x49, 0xf5, 0x1b
109             }
110         },
111         {
112             16,
113             {
114                 0xa8, 0x06, 0x1d, 0xc1, 0x30, 0x51, 0x36, 0xc6,
115                 0xc2, 0x2b, 0x8b, 0xaf, 0x0c, 0x01, 0x27, 0xa9
116             }
117         }
118     },
119     /*
120      * test vectors from "The Poly1305-AES message-authentication code"
121      */
122     {
123         {
124             2,
125             {
126                 0xf3, 0xf6
127             }
128         },
129         {
130             32,
131             {
132                 0x85, 0x1f, 0xc4, 0x0c, 0x34, 0x67, 0xac, 0x0b,
133                 0xe0, 0x5c, 0xc2, 0x04, 0x04, 0xf3, 0xf7, 0x00,
134                 0x58, 0x0b, 0x3b, 0x0f, 0x94, 0x47, 0xbb, 0x1e,
135                 0x69, 0xd0, 0x95, 0xb5, 0x92, 0x8b, 0x6d, 0xbc
136             }
137         },
138         {
139             16,
140             {
141                 0xf4, 0xc6, 0x33, 0xc3, 0x04, 0x4f, 0xc1, 0x45,
142                 0xf8, 0x4f, 0x33, 0x5c, 0xb8, 0x19, 0x53, 0xde
143             }
144         }
145     },
146     {
147         {
148             0,
149             {
150                 0
151             }
152         },
153         {
154             32,
155             {
156                 0xa0, 0xf3, 0x08, 0x00, 0x00, 0xf4, 0x64, 0x00,
157                 0xd0, 0xc7, 0xe9, 0x07, 0x6c, 0x83, 0x44, 0x03,
158                 0xdd, 0x3f, 0xab, 0x22, 0x51, 0xf1, 0x1a, 0xc7,
159                 0x59, 0xf0, 0x88, 0x71, 0x29, 0xcc, 0x2e, 0xe7
160             }
161         },
162         {
163             16,
164             {
165                 0xdd, 0x3f, 0xab, 0x22, 0x51, 0xf1, 0x1a, 0xc7,
166                 0x59, 0xf0, 0x88, 0x71, 0x29, 0xcc, 0x2e, 0xe7
167             }
168         }
169     },
170     {
171         {
172             32,
173             {
174                 0x66, 0x3c, 0xea, 0x19, 0x0f, 0xfb, 0x83, 0xd8,
175                 0x95, 0x93, 0xf3, 0xf4, 0x76, 0xb6, 0xbc, 0x24,
176                 0xd7, 0xe6, 0x79, 0x10, 0x7e, 0xa2, 0x6a, 0xdb,
177                 0x8c, 0xaf, 0x66, 0x52, 0xd0, 0x65, 0x61, 0x36
178             }
179         },
180         {
181             32,
182             {
183                 0x48, 0x44, 0x3d, 0x0b, 0xb0, 0xd2, 0x11, 0x09,
184                 0xc8, 0x9a, 0x10, 0x0b, 0x5c, 0xe2, 0xc2, 0x08,
185                 0x83, 0x14, 0x9c, 0x69, 0xb5, 0x61, 0xdd, 0x88,
186                 0x29, 0x8a, 0x17, 0x98, 0xb1, 0x07, 0x16, 0xef
187             }
188         },
189         {
190             16,
191             {
192                 0x0e, 0xe1, 0xc1, 0x6b, 0xb7, 0x3f, 0x0f, 0x4f,
193                 0xd1, 0x98, 0x81, 0x75, 0x3c, 0x01, 0xcd, 0xbe
194             }
195         }
196     },
197     {
198         {
199             63,
200             {
201                 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34,
202                 0x27, 0x42, 0xcb, 0xed, 0x37, 0x4d, 0x94, 0xd1,
203                 0x36, 0xc6, 0xb8, 0x79, 0x5d, 0x45, 0xb3, 0x81,
204                 0x98, 0x30, 0xf2, 0xc0, 0x44, 0x91, 0xfa, 0xf0,
205
206                 0x99, 0x0c, 0x62, 0xe4, 0x8b, 0x80, 0x18, 0xb2,
207                 0xc3, 0xe4, 0xa0, 0xfa, 0x31, 0x34, 0xcb, 0x67,
208                 0xfa, 0x83, 0xe1, 0x58, 0xc9, 0x94, 0xd9, 0x61,
209                 0xc4, 0xcb, 0x21, 0x09, 0x5c, 0x1b, 0xf9
210             }
211         },
212         {
213             32,
214             {
215                 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c,
216                 0xe8, 0xa8, 0x24, 0x07, 0xc4, 0xf4, 0x82, 0x07,
217                 0x80, 0xf8, 0xc2, 0x0a, 0xa7, 0x12, 0x02, 0xd1,
218                 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57
219             }
220         },
221         {
222             16,
223             {
224                 0x51, 0x54, 0xad, 0x0d, 0x2c, 0xb2, 0x6e, 0x01,
225                 0x27, 0x4f, 0xc5, 0x11, 0x48, 0x49, 0x1f, 0x1b
226             }
227         },
228     },
229     /*
230      * self-generated vectors exercise "significant" lengths, such that
231      * are handled by different code paths
232      */
233     {
234         {
235             64,
236             {
237                 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34,
238                 0x27, 0x42, 0xcb, 0xed, 0x37, 0x4d, 0x94, 0xd1,
239                 0x36, 0xc6, 0xb8, 0x79, 0x5d, 0x45, 0xb3, 0x81,
240                 0x98, 0x30, 0xf2, 0xc0, 0x44, 0x91, 0xfa, 0xf0,
241
242                 0x99, 0x0c, 0x62, 0xe4, 0x8b, 0x80, 0x18, 0xb2,
243                 0xc3, 0xe4, 0xa0, 0xfa, 0x31, 0x34, 0xcb, 0x67,
244                 0xfa, 0x83, 0xe1, 0x58, 0xc9, 0x94, 0xd9, 0x61,
245                 0xc4, 0xcb, 0x21, 0x09, 0x5c, 0x1b, 0xf9, 0xaf
246             }
247         },
248         {
249             32,
250             {
251                 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c,
252                 0xe8, 0xa8, 0x24, 0x07, 0xc4, 0xf4, 0x82, 0x07,
253                 0x80, 0xf8, 0xc2, 0x0a, 0xa7, 0x12, 0x02, 0xd1,
254                 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57
255             }
256         },
257         {
258             16,
259             {
260                 0x81, 0x20, 0x59, 0xa5, 0xda, 0x19, 0x86, 0x37,
261                 0xca, 0xc7, 0xc4, 0xa6, 0x31, 0xbe, 0xe4, 0x66
262             }
263         },
264     },
265     {
266         {
267             48,
268             {
269                 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34,
270                 0x27, 0x42, 0xcb, 0xed, 0x37, 0x4d, 0x94, 0xd1,
271                 0x36, 0xc6, 0xb8, 0x79, 0x5d, 0x45, 0xb3, 0x81,
272                 0x98, 0x30, 0xf2, 0xc0, 0x44, 0x91, 0xfa, 0xf0,
273
274                 0x99, 0x0c, 0x62, 0xe4, 0x8b, 0x80, 0x18, 0xb2,
275                 0xc3, 0xe4, 0xa0, 0xfa, 0x31, 0x34, 0xcb, 0x67
276             }
277         },
278         {
279             32,
280             {
281                 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c,
282                 0xe8, 0xa8, 0x24, 0x07, 0xc4, 0xf4, 0x82, 0x07,
283                 0x80, 0xf8, 0xc2, 0x0a, 0xa7, 0x12, 0x02, 0xd1,
284                 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57
285
286             }
287         },
288         {
289             16,
290             {
291                 0x5b, 0x88, 0xd7, 0xf6, 0x22, 0x8b, 0x11, 0xe2,
292                 0xe2, 0x85, 0x79, 0xa5, 0xc0, 0xc1, 0xf7, 0x61
293             }
294         },
295     },
296     {
297         {
298             96,
299             {
300                 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34,
301                 0x27, 0x42, 0xcb, 0xed, 0x37, 0x4d, 0x94, 0xd1,
302                 0x36, 0xc6, 0xb8, 0x79, 0x5d, 0x45, 0xb3, 0x81,
303                 0x98, 0x30, 0xf2, 0xc0, 0x44, 0x91, 0xfa, 0xf0,
304
305                 0x99, 0x0c, 0x62, 0xe4, 0x8b, 0x80, 0x18, 0xb2,
306                 0xc3, 0xe4, 0xa0, 0xfa, 0x31, 0x34, 0xcb, 0x67,
307                 0xfa, 0x83, 0xe1, 0x58, 0xc9, 0x94, 0xd9, 0x61,
308                 0xc4, 0xcb, 0x21, 0x09, 0x5c, 0x1b, 0xf9, 0xaf,
309
310                 0x66, 0x3c, 0xea, 0x19, 0x0f, 0xfb, 0x83, 0xd8,
311                 0x95, 0x93, 0xf3, 0xf4, 0x76, 0xb6, 0xbc, 0x24,
312                 0xd7, 0xe6, 0x79, 0x10, 0x7e, 0xa2, 0x6a, 0xdb,
313                 0x8c, 0xaf, 0x66, 0x52, 0xd0, 0x65, 0x61, 0x36
314             }
315         },
316         {
317             32,
318             {
319                 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c,
320                 0xe8, 0xa8, 0x24, 0x07, 0xc4, 0xf4, 0x82, 0x07,
321                 0x80, 0xf8, 0xc2, 0x0a, 0xa7, 0x12, 0x02, 0xd1,
322                 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57
323             }
324         },
325         {
326             16,
327             {
328                 0xbb, 0xb6, 0x13, 0xb2, 0xb6, 0xd7, 0x53, 0xba,
329                 0x07, 0x39, 0x5b, 0x91, 0x6a, 0xae, 0xce, 0x15
330             }
331         },
332     },
333     {
334         {
335             112,
336             {
337                 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34,
338                 0x27, 0x42, 0xcb, 0xed, 0x37, 0x4d, 0x94, 0xd1,
339                 0x36, 0xc6, 0xb8, 0x79, 0x5d, 0x45, 0xb3, 0x81,
340                 0x98, 0x30, 0xf2, 0xc0, 0x44, 0x91, 0xfa, 0xf0,
341
342                 0x99, 0x0c, 0x62, 0xe4, 0x8b, 0x80, 0x18, 0xb2,
343                 0xc3, 0xe4, 0xa0, 0xfa, 0x31, 0x34, 0xcb, 0x67,
344                 0xfa, 0x83, 0xe1, 0x58, 0xc9, 0x94, 0xd9, 0x61,
345                 0xc4, 0xcb, 0x21, 0x09, 0x5c, 0x1b, 0xf9, 0xaf,
346
347                 0x48, 0x44, 0x3d, 0x0b, 0xb0, 0xd2, 0x11, 0x09,
348                 0xc8, 0x9a, 0x10, 0x0b, 0x5c, 0xe2, 0xc2, 0x08,
349                 0x83, 0x14, 0x9c, 0x69, 0xb5, 0x61, 0xdd, 0x88,
350                 0x29, 0x8a, 0x17, 0x98, 0xb1, 0x07, 0x16, 0xef,
351
352                 0x66, 0x3c, 0xea, 0x19, 0x0f, 0xfb, 0x83, 0xd8,
353                 0x95, 0x93, 0xf3, 0xf4, 0x76, 0xb6, 0xbc, 0x24
354             }
355         },
356         {
357             32,
358             {
359                 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c,
360                 0xe8, 0xa8, 0x24, 0x07, 0xc4, 0xf4, 0x82, 0x07,
361                 0x80, 0xf8, 0xc2, 0x0a, 0xa7, 0x12, 0x02, 0xd1,
362                 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57
363             }
364         },
365         {
366             16,
367             {
368                 0xc7, 0x94, 0xd7, 0x05, 0x7d, 0x17, 0x78, 0xc4,
369                 0xbb, 0xee, 0x0a, 0x39, 0xb3, 0xd9, 0x73, 0x42
370             }
371         },
372     },
373     {
374         {
375             128,
376             {
377                 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34,
378                 0x27, 0x42, 0xcb, 0xed, 0x37, 0x4d, 0x94, 0xd1,
379                 0x36, 0xc6, 0xb8, 0x79, 0x5d, 0x45, 0xb3, 0x81,
380                 0x98, 0x30, 0xf2, 0xc0, 0x44, 0x91, 0xfa, 0xf0,
381
382                 0x99, 0x0c, 0x62, 0xe4, 0x8b, 0x80, 0x18, 0xb2,
383                 0xc3, 0xe4, 0xa0, 0xfa, 0x31, 0x34, 0xcb, 0x67,
384                 0xfa, 0x83, 0xe1, 0x58, 0xc9, 0x94, 0xd9, 0x61,
385                 0xc4, 0xcb, 0x21, 0x09, 0x5c, 0x1b, 0xf9, 0xaf,
386
387                 0x48, 0x44, 0x3d, 0x0b, 0xb0, 0xd2, 0x11, 0x09,
388                 0xc8, 0x9a, 0x10, 0x0b, 0x5c, 0xe2, 0xc2, 0x08,
389                 0x83, 0x14, 0x9c, 0x69, 0xb5, 0x61, 0xdd, 0x88,
390                 0x29, 0x8a, 0x17, 0x98, 0xb1, 0x07, 0x16, 0xef,
391
392                 0x66, 0x3c, 0xea, 0x19, 0x0f, 0xfb, 0x83, 0xd8,
393                 0x95, 0x93, 0xf3, 0xf4, 0x76, 0xb6, 0xbc, 0x24,
394                 0xd7, 0xe6, 0x79, 0x10, 0x7e, 0xa2, 0x6a, 0xdb,
395                 0x8c, 0xaf, 0x66, 0x52, 0xd0, 0x65, 0x61, 0x36
396             }
397         },
398         {
399             32,
400             {
401                 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c,
402                 0xe8, 0xa8, 0x24, 0x07, 0xc4, 0xf4, 0x82, 0x07,
403                 0x80, 0xf8, 0xc2, 0x0a, 0xa7, 0x12, 0x02, 0xd1,
404                 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57
405             }
406         },
407         {
408             16,
409             {
410                 0xff, 0xbc, 0xb9, 0xb3, 0x71, 0x42, 0x31, 0x52,
411                 0xd7, 0xfc, 0xa5, 0xad, 0x04, 0x2f, 0xba, 0xa9
412             }
413         },
414     },
415     {
416         {
417             144,
418             {
419                 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34,
420                 0x27, 0x42, 0xcb, 0xed, 0x37, 0x4d, 0x94, 0xd1,
421                 0x36, 0xc6, 0xb8, 0x79, 0x5d, 0x45, 0xb3, 0x81,
422                 0x98, 0x30, 0xf2, 0xc0, 0x44, 0x91, 0xfa, 0xf0,
423
424                 0x99, 0x0c, 0x62, 0xe4, 0x8b, 0x80, 0x18, 0xb2,
425                 0xc3, 0xe4, 0xa0, 0xfa, 0x31, 0x34, 0xcb, 0x67,
426                 0xfa, 0x83, 0xe1, 0x58, 0xc9, 0x94, 0xd9, 0x61,
427                 0xc4, 0xcb, 0x21, 0x09, 0x5c, 0x1b, 0xf9, 0xaf,
428
429                 0x48, 0x44, 0x3d, 0x0b, 0xb0, 0xd2, 0x11, 0x09,
430                 0xc8, 0x9a, 0x10, 0x0b, 0x5c, 0xe2, 0xc2, 0x08,
431                 0x83, 0x14, 0x9c, 0x69, 0xb5, 0x61, 0xdd, 0x88,
432                 0x29, 0x8a, 0x17, 0x98, 0xb1, 0x07, 0x16, 0xef,
433
434                 0x66, 0x3c, 0xea, 0x19, 0x0f, 0xfb, 0x83, 0xd8,
435                 0x95, 0x93, 0xf3, 0xf4, 0x76, 0xb6, 0xbc, 0x24,
436                 0xd7, 0xe6, 0x79, 0x10, 0x7e, 0xa2, 0x6a, 0xdb,
437                 0x8c, 0xaf, 0x66, 0x52, 0xd0, 0x65, 0x61, 0x36,
438
439                 0x81, 0x20, 0x59, 0xa5, 0xda, 0x19, 0x86, 0x37,
440                 0xca, 0xc7, 0xc4, 0xa6, 0x31, 0xbe, 0xe4, 0x66
441             }
442         },
443         {
444             32,
445             {
446                 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c,
447                 0xe8, 0xa8, 0x24, 0x07, 0xc4, 0xf4, 0x82, 0x07,
448                 0x80, 0xf8, 0xc2, 0x0a, 0xa7, 0x12, 0x02, 0xd1,
449                 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57
450             }
451         },
452         {
453             16,
454             {
455                 0x06, 0x9e, 0xd6, 0xb8, 0xef, 0x0f, 0x20, 0x7b,
456                 0x3e, 0x24, 0x3b, 0xb1, 0x01, 0x9f, 0xe6, 0x32
457             }
458         },
459     },
460     {
461         {
462             160,
463             {
464                 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34,
465                 0x27, 0x42, 0xcb, 0xed, 0x37, 0x4d, 0x94, 0xd1,
466                 0x36, 0xc6, 0xb8, 0x79, 0x5d, 0x45, 0xb3, 0x81,
467                 0x98, 0x30, 0xf2, 0xc0, 0x44, 0x91, 0xfa, 0xf0,
468
469                 0x99, 0x0c, 0x62, 0xe4, 0x8b, 0x80, 0x18, 0xb2,
470                 0xc3, 0xe4, 0xa0, 0xfa, 0x31, 0x34, 0xcb, 0x67,
471                 0xfa, 0x83, 0xe1, 0x58, 0xc9, 0x94, 0xd9, 0x61,
472                 0xc4, 0xcb, 0x21, 0x09, 0x5c, 0x1b, 0xf9, 0xaf,
473
474                 0x48, 0x44, 0x3d, 0x0b, 0xb0, 0xd2, 0x11, 0x09,
475                 0xc8, 0x9a, 0x10, 0x0b, 0x5c, 0xe2, 0xc2, 0x08,
476                 0x83, 0x14, 0x9c, 0x69, 0xb5, 0x61, 0xdd, 0x88,
477                 0x29, 0x8a, 0x17, 0x98, 0xb1, 0x07, 0x16, 0xef,
478
479                 0x66, 0x3c, 0xea, 0x19, 0x0f, 0xfb, 0x83, 0xd8,
480                 0x95, 0x93, 0xf3, 0xf4, 0x76, 0xb6, 0xbc, 0x24,
481                 0xd7, 0xe6, 0x79, 0x10, 0x7e, 0xa2, 0x6a, 0xdb,
482                 0x8c, 0xaf, 0x66, 0x52, 0xd0, 0x65, 0x61, 0x36,
483
484                 0x81, 0x20, 0x59, 0xa5, 0xda, 0x19, 0x86, 0x37,
485                 0xca, 0xc7, 0xc4, 0xa6, 0x31, 0xbe, 0xe4, 0x66,
486                 0x5b, 0x88, 0xd7, 0xf6, 0x22, 0x8b, 0x11, 0xe2,
487                 0xe2, 0x85, 0x79, 0xa5, 0xc0, 0xc1, 0xf7, 0x61
488             }
489         },
490         {
491             32,
492             {
493                 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c,
494                 0xe8, 0xa8, 0x24, 0x07, 0xc4, 0xf4, 0x82, 0x07,
495                 0x80, 0xf8, 0xc2, 0x0a, 0xa7, 0x12, 0x02, 0xd1,
496                 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57
497             }
498         },
499         {
500             16,
501             {
502                 0xcc, 0xa3, 0x39, 0xd9, 0xa4, 0x5f, 0xa2, 0x36,
503                 0x8c, 0x2c, 0x68, 0xb3, 0xa4, 0x17, 0x91, 0x33
504             }
505         },
506     },
507     {
508         {
509             288,
510             {
511                 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34,
512                 0x27, 0x42, 0xcb, 0xed, 0x37, 0x4d, 0x94, 0xd1,
513                 0x36, 0xc6, 0xb8, 0x79, 0x5d, 0x45, 0xb3, 0x81,
514                 0x98, 0x30, 0xf2, 0xc0, 0x44, 0x91, 0xfa, 0xf0,
515
516                 0x99, 0x0c, 0x62, 0xe4, 0x8b, 0x80, 0x18, 0xb2,
517                 0xc3, 0xe4, 0xa0, 0xfa, 0x31, 0x34, 0xcb, 0x67,
518                 0xfa, 0x83, 0xe1, 0x58, 0xc9, 0x94, 0xd9, 0x61,
519                 0xc4, 0xcb, 0x21, 0x09, 0x5c, 0x1b, 0xf9, 0xaf,
520
521                 0x48, 0x44, 0x3d, 0x0b, 0xb0, 0xd2, 0x11, 0x09,
522                 0xc8, 0x9a, 0x10, 0x0b, 0x5c, 0xe2, 0xc2, 0x08,
523                 0x83, 0x14, 0x9c, 0x69, 0xb5, 0x61, 0xdd, 0x88,
524                 0x29, 0x8a, 0x17, 0x98, 0xb1, 0x07, 0x16, 0xef,
525
526                 0x66, 0x3c, 0xea, 0x19, 0x0f, 0xfb, 0x83, 0xd8,
527                 0x95, 0x93, 0xf3, 0xf4, 0x76, 0xb6, 0xbc, 0x24,
528                 0xd7, 0xe6, 0x79, 0x10, 0x7e, 0xa2, 0x6a, 0xdb,
529                 0x8c, 0xaf, 0x66, 0x52, 0xd0, 0x65, 0x61, 0x36,
530
531                 0x81, 0x20, 0x59, 0xa5, 0xda, 0x19, 0x86, 0x37,
532                 0xca, 0xc7, 0xc4, 0xa6, 0x31, 0xbe, 0xe4, 0x66,
533                 0x5b, 0x88, 0xd7, 0xf6, 0x22, 0x8b, 0x11, 0xe2,
534                 0xe2, 0x85, 0x79, 0xa5, 0xc0, 0xc1, 0xf7, 0x61,
535
536                 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34,
537                 0x27, 0x42, 0xcb, 0xed, 0x37, 0x4d, 0x94, 0xd1,
538                 0x36, 0xc6, 0xb8, 0x79, 0x5d, 0x45, 0xb3, 0x81,
539                 0x98, 0x30, 0xf2, 0xc0, 0x44, 0x91, 0xfa, 0xf0,
540
541                 0x99, 0x0c, 0x62, 0xe4, 0x8b, 0x80, 0x18, 0xb2,
542                 0xc3, 0xe4, 0xa0, 0xfa, 0x31, 0x34, 0xcb, 0x67,
543                 0xfa, 0x83, 0xe1, 0x58, 0xc9, 0x94, 0xd9, 0x61,
544                 0xc4, 0xcb, 0x21, 0x09, 0x5c, 0x1b, 0xf9, 0xaf,
545
546                 0x48, 0x44, 0x3d, 0x0b, 0xb0, 0xd2, 0x11, 0x09,
547                 0xc8, 0x9a, 0x10, 0x0b, 0x5c, 0xe2, 0xc2, 0x08,
548                 0x83, 0x14, 0x9c, 0x69, 0xb5, 0x61, 0xdd, 0x88,
549                 0x29, 0x8a, 0x17, 0x98, 0xb1, 0x07, 0x16, 0xef,
550
551                 0x66, 0x3c, 0xea, 0x19, 0x0f, 0xfb, 0x83, 0xd8,
552                 0x95, 0x93, 0xf3, 0xf4, 0x76, 0xb6, 0xbc, 0x24,
553                 0xd7, 0xe6, 0x79, 0x10, 0x7e, 0xa2, 0x6a, 0xdb,
554                 0x8c, 0xaf, 0x66, 0x52, 0xd0, 0x65, 0x61, 0x36
555             }
556         },
557         {
558             32,
559             {
560                 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c,
561                 0xe8, 0xa8, 0x24, 0x07, 0xc4, 0xf4, 0x82, 0x07,
562                 0x80, 0xf8, 0xc2, 0x0a, 0xa7, 0x12, 0x02, 0xd1,
563                 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57
564             }
565         },
566         {
567             16,
568             {
569                 0x53, 0xf6, 0xe8, 0x28, 0xa2, 0xf0, 0xfe, 0x0e,
570                 0xe8, 0x15, 0xbf, 0x0b, 0xd5, 0x84, 0x1a, 0x34
571             }
572         },
573     },
574     {
575         {
576             320,
577             {
578                 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34,
579                 0x27, 0x42, 0xcb, 0xed, 0x37, 0x4d, 0x94, 0xd1,
580                 0x36, 0xc6, 0xb8, 0x79, 0x5d, 0x45, 0xb3, 0x81,
581                 0x98, 0x30, 0xf2, 0xc0, 0x44, 0x91, 0xfa, 0xf0,
582
583                 0x99, 0x0c, 0x62, 0xe4, 0x8b, 0x80, 0x18, 0xb2,
584                 0xc3, 0xe4, 0xa0, 0xfa, 0x31, 0x34, 0xcb, 0x67,
585                 0xfa, 0x83, 0xe1, 0x58, 0xc9, 0x94, 0xd9, 0x61,
586                 0xc4, 0xcb, 0x21, 0x09, 0x5c, 0x1b, 0xf9, 0xaf,
587
588                 0x48, 0x44, 0x3d, 0x0b, 0xb0, 0xd2, 0x11, 0x09,
589                 0xc8, 0x9a, 0x10, 0x0b, 0x5c, 0xe2, 0xc2, 0x08,
590                 0x83, 0x14, 0x9c, 0x69, 0xb5, 0x61, 0xdd, 0x88,
591                 0x29, 0x8a, 0x17, 0x98, 0xb1, 0x07, 0x16, 0xef,
592
593                 0x66, 0x3c, 0xea, 0x19, 0x0f, 0xfb, 0x83, 0xd8,
594                 0x95, 0x93, 0xf3, 0xf4, 0x76, 0xb6, 0xbc, 0x24,
595                 0xd7, 0xe6, 0x79, 0x10, 0x7e, 0xa2, 0x6a, 0xdb,
596                 0x8c, 0xaf, 0x66, 0x52, 0xd0, 0x65, 0x61, 0x36,
597
598                 0x81, 0x20, 0x59, 0xa5, 0xda, 0x19, 0x86, 0x37,
599                 0xca, 0xc7, 0xc4, 0xa6, 0x31, 0xbe, 0xe4, 0x66,
600                 0x5b, 0x88, 0xd7, 0xf6, 0x22, 0x8b, 0x11, 0xe2,
601                 0xe2, 0x85, 0x79, 0xa5, 0xc0, 0xc1, 0xf7, 0x61,
602
603                 0xab, 0x08, 0x12, 0x72, 0x4a, 0x7f, 0x1e, 0x34,
604                 0x27, 0x42, 0xcb, 0xed, 0x37, 0x4d, 0x94, 0xd1,
605                 0x36, 0xc6, 0xb8, 0x79, 0x5d, 0x45, 0xb3, 0x81,
606                 0x98, 0x30, 0xf2, 0xc0, 0x44, 0x91, 0xfa, 0xf0,
607
608                 0x99, 0x0c, 0x62, 0xe4, 0x8b, 0x80, 0x18, 0xb2,
609                 0xc3, 0xe4, 0xa0, 0xfa, 0x31, 0x34, 0xcb, 0x67,
610                 0xfa, 0x83, 0xe1, 0x58, 0xc9, 0x94, 0xd9, 0x61,
611                 0xc4, 0xcb, 0x21, 0x09, 0x5c, 0x1b, 0xf9, 0xaf,
612
613                 0x48, 0x44, 0x3d, 0x0b, 0xb0, 0xd2, 0x11, 0x09,
614                 0xc8, 0x9a, 0x10, 0x0b, 0x5c, 0xe2, 0xc2, 0x08,
615                 0x83, 0x14, 0x9c, 0x69, 0xb5, 0x61, 0xdd, 0x88,
616                 0x29, 0x8a, 0x17, 0x98, 0xb1, 0x07, 0x16, 0xef,
617
618                 0x66, 0x3c, 0xea, 0x19, 0x0f, 0xfb, 0x83, 0xd8,
619                 0x95, 0x93, 0xf3, 0xf4, 0x76, 0xb6, 0xbc, 0x24,
620                 0xd7, 0xe6, 0x79, 0x10, 0x7e, 0xa2, 0x6a, 0xdb,
621                 0x8c, 0xaf, 0x66, 0x52, 0xd0, 0x65, 0x61, 0x36,
622
623                 0x81, 0x20, 0x59, 0xa5, 0xda, 0x19, 0x86, 0x37,
624                 0xca, 0xc7, 0xc4, 0xa6, 0x31, 0xbe, 0xe4, 0x66,
625                 0x5b, 0x88, 0xd7, 0xf6, 0x22, 0x8b, 0x11, 0xe2,
626                 0xe2, 0x85, 0x79, 0xa5, 0xc0, 0xc1, 0xf7, 0x61
627             }
628         },
629         {
630             32,
631             {
632                 0x12, 0x97, 0x6a, 0x08, 0xc4, 0x42, 0x6d, 0x0c,
633                 0xe8, 0xa8, 0x24, 0x07, 0xc4, 0xf4, 0x82, 0x07,
634                 0x80, 0xf8, 0xc2, 0x0a, 0xa7, 0x12, 0x02, 0xd1,
635                 0xe2, 0x91, 0x79, 0xcb, 0xcb, 0x55, 0x5a, 0x57
636             }
637         },
638         {
639             16,
640             {
641                 0xb8, 0x46, 0xd4, 0x4e, 0x9b, 0xbd, 0x53, 0xce,
642                 0xdf, 0xfb, 0xfb, 0xb6, 0xb7, 0xfa, 0x49, 0x33
643             }
644         },
645     },
646     /*
647      * 4th power of the key spills to 131th bit in SIMD key setup
648      */
649     {
650         {
651             256,
652             {
653                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
654                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
655                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
656                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
657
658                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
659                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
660                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
661                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
662
663                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
664                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
665                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
666                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
667
668                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
669                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
670                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
671                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
672
673                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
674                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
675                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
676                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
677
678                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
679                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
680                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
681                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
682
683                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
684                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
685                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
686                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
687
688                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
689                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
690                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
691                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
692             }
693         },
694         {
695             32,
696             {
697                 0xad, 0x62, 0x81, 0x07, 0xe8, 0x35, 0x1d, 0x0f,
698                 0x2c, 0x23, 0x1a, 0x05, 0xdc, 0x4a, 0x41, 0x06,
699                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
700                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
701             }
702         },
703         {
704             16,
705             {
706                 0x07, 0x14, 0x5a, 0x4c, 0x02, 0xfe, 0x5f, 0xa3,
707                 0x20, 0x36, 0xde, 0x68, 0xfa, 0xbe, 0x90, 0x66
708             }
709         },
710     },
711     /*
712      * poly1305_ieee754.c failed this in final stage
713      */
714     {
715         {
716             252,
717             {
718                 0x84, 0x23, 0x64, 0xe1, 0x56, 0x33, 0x6c, 0x09,
719                 0x98, 0xb9, 0x33, 0xa6, 0x23, 0x77, 0x26, 0x18,
720                 0x0d, 0x9e, 0x3f, 0xdc, 0xbd, 0xe4, 0xcd, 0x5d,
721                 0x17, 0x08, 0x0f, 0xc3, 0xbe, 0xb4, 0x96, 0x14,
722
723                 0xd7, 0x12, 0x2c, 0x03, 0x74, 0x63, 0xff, 0x10,
724                 0x4d, 0x73, 0xf1, 0x9c, 0x12, 0x70, 0x46, 0x28,
725                 0xd4, 0x17, 0xc4, 0xc5, 0x4a, 0x3f, 0xe3, 0x0d,
726                 0x3c, 0x3d, 0x77, 0x14, 0x38, 0x2d, 0x43, 0xb0,
727
728                 0x38, 0x2a, 0x50, 0xa5, 0xde, 0xe5, 0x4b, 0xe8,
729                 0x44, 0xb0, 0x76, 0xe8, 0xdf, 0x88, 0x20, 0x1a,
730                 0x1c, 0xd4, 0x3b, 0x90, 0xeb, 0x21, 0x64, 0x3f,
731                 0xa9, 0x6f, 0x39, 0xb5, 0x18, 0xaa, 0x83, 0x40,
732
733                 0xc9, 0x42, 0xff, 0x3c, 0x31, 0xba, 0xf7, 0xc9,
734                 0xbd, 0xbf, 0x0f, 0x31, 0xae, 0x3f, 0xa0, 0x96,
735                 0xbf, 0x8c, 0x63, 0x03, 0x06, 0x09, 0x82, 0x9f,
736                 0xe7, 0x2e, 0x17, 0x98, 0x24, 0x89, 0x0b, 0xc8,
737
738                 0xe0, 0x8c, 0x31, 0x5c, 0x1c, 0xce, 0x2a, 0x83,
739                 0x14, 0x4d, 0xbb, 0xff, 0x09, 0xf7, 0x4e, 0x3e,
740                 0xfc, 0x77, 0x0b, 0x54, 0xd0, 0x98, 0x4a, 0x8f,
741                 0x19, 0xb1, 0x47, 0x19, 0xe6, 0x36, 0x35, 0x64,
742
743                 0x1d, 0x6b, 0x1e, 0xed, 0xf6, 0x3e, 0xfb, 0xf0,
744                 0x80, 0xe1, 0x78, 0x3d, 0x32, 0x44, 0x54, 0x12,
745                 0x11, 0x4c, 0x20, 0xde, 0x0b, 0x83, 0x7a, 0x0d,
746                 0xfa, 0x33, 0xd6, 0xb8, 0x28, 0x25, 0xff, 0xf4,
747
748                 0x4c, 0x9a, 0x70, 0xea, 0x54, 0xce, 0x47, 0xf0,
749                 0x7d, 0xf6, 0x98, 0xe6, 0xb0, 0x33, 0x23, 0xb5,
750                 0x30, 0x79, 0x36, 0x4a, 0x5f, 0xc3, 0xe9, 0xdd,
751                 0x03, 0x43, 0x92, 0xbd, 0xde, 0x86, 0xdc, 0xcd,
752
753                 0xda, 0x94, 0x32, 0x1c, 0x5e, 0x44, 0x06, 0x04,
754                 0x89, 0x33, 0x6c, 0xb6, 0x5b, 0xf3, 0x98, 0x9c,
755                 0x36, 0xf7, 0x28, 0x2c, 0x2f, 0x5d, 0x2b, 0x88,
756                 0x2c, 0x17, 0x1e, 0x74
757             }
758         },
759         {
760             32,
761             {
762                 0x95, 0xd5, 0xc0, 0x05, 0x50, 0x3e, 0x51, 0x0d,
763                 0x8c, 0xd0, 0xaa, 0x07, 0x2c, 0x4a, 0x4d, 0x06,
764                 0x6e, 0xab, 0xc5, 0x2d, 0x11, 0x65, 0x3d, 0xf4,
765                 0x7f, 0xbf, 0x63, 0xab, 0x19, 0x8b, 0xcc, 0x26
766             }
767         },
768         {
769             16,
770             {
771                 0xf2, 0x48, 0x31, 0x2e, 0x57, 0x8d, 0x9d, 0x58,
772                 0xf8, 0xb7, 0xbb, 0x4d, 0x19, 0x10, 0x54, 0x31
773             }
774         },
775     },
776     /*
777      * AVX2 in poly1305-x86.pl failed this with 176+32 split
778      */
779     {
780         {
781             208,
782             {
783                 0x24, 0x8a, 0xc3, 0x10, 0x85, 0xb6, 0xc2, 0xad,
784                 0xaa, 0xa3, 0x82, 0x59, 0xa0, 0xd7, 0x19, 0x2c,
785                 0x5c, 0x35, 0xd1, 0xbb, 0x4e, 0xf3, 0x9a, 0xd9,
786                 0x4c, 0x38, 0xd1, 0xc8, 0x24, 0x79, 0xe2, 0xdd,
787
788                 0x21, 0x59, 0xa0, 0x77, 0x02, 0x4b, 0x05, 0x89,
789                 0xbc, 0x8a, 0x20, 0x10, 0x1b, 0x50, 0x6f, 0x0a,
790                 0x1a, 0xd0, 0xbb, 0xab, 0x76, 0xe8, 0x3a, 0x83,
791                 0xf1, 0xb9, 0x4b, 0xe6, 0xbe, 0xae, 0x74, 0xe8,
792
793                 0x74, 0xca, 0xb6, 0x92, 0xc5, 0x96, 0x3a, 0x75,
794                 0x43, 0x6b, 0x77, 0x61, 0x21, 0xec, 0x9f, 0x62,
795                 0x39, 0x9a, 0x3e, 0x66, 0xb2, 0xd2, 0x27, 0x07,
796                 0xda, 0xe8, 0x19, 0x33, 0xb6, 0x27, 0x7f, 0x3c,
797
798                 0x85, 0x16, 0xbc, 0xbe, 0x26, 0xdb, 0xbd, 0x86,
799                 0xf3, 0x73, 0x10, 0x3d, 0x7c, 0xf4, 0xca, 0xd1,
800                 0x88, 0x8c, 0x95, 0x21, 0x18, 0xfb, 0xfb, 0xd0,
801                 0xd7, 0xb4, 0xbe, 0xdc, 0x4a, 0xe4, 0x93, 0x6a,
802
803                 0xff, 0x91, 0x15, 0x7e, 0x7a, 0xa4, 0x7c, 0x54,
804                 0x44, 0x2e, 0xa7, 0x8d, 0x6a, 0xc2, 0x51, 0xd3,
805                 0x24, 0xa0, 0xfb, 0xe4, 0x9d, 0x89, 0xcc, 0x35,
806                 0x21, 0xb6, 0x6d, 0x16, 0xe9, 0xc6, 0x6a, 0x37,
807
808                 0x09, 0x89, 0x4e, 0x4e, 0xb0, 0xa4, 0xee, 0xdc,
809                 0x4a, 0xe1, 0x94, 0x68, 0xe6, 0x6b, 0x81, 0xf2,
810
811                 0x71, 0x35, 0x1b, 0x1d, 0x92, 0x1e, 0xa5, 0x51,
812                 0x04, 0x7a, 0xbc, 0xc6, 0xb8, 0x7a, 0x90, 0x1f,
813                 0xde, 0x7d, 0xb7, 0x9f, 0xa1, 0x81, 0x8c, 0x11,
814                 0x33, 0x6d, 0xbc, 0x07, 0x24, 0x4a, 0x40, 0xeb
815             }
816         },
817         {
818             32,
819             {
820                 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
821                 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
822                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
823                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
824             }
825         },
826         {
827             16,
828             {
829                 0xbc, 0x93, 0x9b, 0xc5, 0x28, 0x14, 0x80, 0xfa,
830                 0x99, 0xc6, 0xd6, 0x8c, 0x25, 0x8e, 0xc4, 0x2f
831             }
832         },
833     },
834     /*
835      * test vectors from Google
836      */
837     {
838         {
839             0,
840             {
841                 0x00,
842             }
843         },
844         {
845             32,
846             {
847                 0xc8, 0xaf, 0xaa, 0xc3, 0x31, 0xee, 0x37, 0x2c,
848                 0xd6, 0x08, 0x2d, 0xe1, 0x34, 0x94, 0x3b, 0x17,
849                 0x47, 0x10, 0x13, 0x0e, 0x9f, 0x6f, 0xea, 0x8d,
850                 0x72, 0x29, 0x38, 0x50, 0xa6, 0x67, 0xd8, 0x6c
851             }
852         },
853         {
854             16,
855             {
856                 0x47, 0x10, 0x13, 0x0e, 0x9f, 0x6f, 0xea, 0x8d,
857                 0x72, 0x29, 0x38, 0x50, 0xa6, 0x67, 0xd8, 0x6c
858             }
859         },
860     },
861     {
862         {
863             12,
864             {
865                 0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f,
866                 0x72, 0x6c, 0x64, 0x21
867             }
868         },
869         {
870             32,
871             {
872                 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
873                 0x33, 0x32, 0x2d, 0x62, 0x79, 0x74, 0x65, 0x20,
874                 0x6b, 0x65, 0x79, 0x20, 0x66, 0x6f, 0x72, 0x20,
875                 0x50, 0x6f, 0x6c, 0x79, 0x31, 0x33, 0x30, 0x35
876             }
877         },
878         {
879             16,
880             {
881                 0xa6, 0xf7, 0x45, 0x00, 0x8f, 0x81, 0xc9, 0x16,
882                 0xa2, 0x0d, 0xcc, 0x74, 0xee, 0xf2, 0xb2, 0xf0
883             }
884         },
885     },
886     {
887         {
888             32,
889             {
890                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
891                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
892                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
893                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
894             }
895         },
896         {
897             32,
898             {
899                 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
900                 0x33, 0x32, 0x2d, 0x62, 0x79, 0x74, 0x65, 0x20,
901                 0x6b, 0x65, 0x79, 0x20, 0x66, 0x6f, 0x72, 0x20,
902                 0x50, 0x6f, 0x6c, 0x79, 0x31, 0x33, 0x30, 0x35
903             }
904         },
905         {
906             16,
907             {
908                 0x49, 0xec, 0x78, 0x09, 0x0e, 0x48, 0x1e, 0xc6,
909                 0xc2, 0x6b, 0x33, 0xb9, 0x1c, 0xcc, 0x03, 0x07
910             }
911         },
912     },
913     {
914         {
915             128,
916             {
917                 0x89, 0xda, 0xb8, 0x0b, 0x77, 0x17, 0xc1, 0xdb,
918                 0x5d, 0xb4, 0x37, 0x86, 0x0a, 0x3f, 0x70, 0x21,
919                 0x8e, 0x93, 0xe1, 0xb8, 0xf4, 0x61, 0xfb, 0x67,
920                 0x7f, 0x16, 0xf3, 0x5f, 0x6f, 0x87, 0xe2, 0xa9,
921
922                 0x1c, 0x99, 0xbc, 0x3a, 0x47, 0xac, 0xe4, 0x76,
923                 0x40, 0xcc, 0x95, 0xc3, 0x45, 0xbe, 0x5e, 0xcc,
924                 0xa5, 0xa3, 0x52, 0x3c, 0x35, 0xcc, 0x01, 0x89,
925                 0x3a, 0xf0, 0xb6, 0x4a, 0x62, 0x03, 0x34, 0x27,
926
927                 0x03, 0x72, 0xec, 0x12, 0x48, 0x2d, 0x1b, 0x1e,
928                 0x36, 0x35, 0x61, 0x69, 0x8a, 0x57, 0x8b, 0x35,
929                 0x98, 0x03, 0x49, 0x5b, 0xb4, 0xe2, 0xef, 0x19,
930                 0x30, 0xb1, 0x7a, 0x51, 0x90, 0xb5, 0x80, 0xf1,
931
932                 0x41, 0x30, 0x0d, 0xf3, 0x0a, 0xdb, 0xec, 0xa2,
933                 0x8f, 0x64, 0x27, 0xa8, 0xbc, 0x1a, 0x99, 0x9f,
934                 0xd5, 0x1c, 0x55, 0x4a, 0x01, 0x7d, 0x09, 0x5d,
935                 0x8c, 0x3e, 0x31, 0x27, 0xda, 0xf9, 0xf5, 0x95
936             }
937         },
938         {
939             32,
940             {
941                 0x2d, 0x77, 0x3b, 0xe3, 0x7a, 0xdb, 0x1e, 0x4d,
942                 0x68, 0x3b, 0xf0, 0x07, 0x5e, 0x79, 0xc4, 0xee,
943                 0x03, 0x79, 0x18, 0x53, 0x5a, 0x7f, 0x99, 0xcc,
944                 0xb7, 0x04, 0x0f, 0xb5, 0xf5, 0xf4, 0x3a, 0xea
945             }
946         },
947         {
948             16,
949             {
950                 0xc8, 0x5d, 0x15, 0xed, 0x44, 0xc3, 0x78, 0xd6,
951                 0xb0, 0x0e, 0x23, 0x06, 0x4c, 0x7b, 0xcd, 0x51
952             }
953         },
954     },
955     {
956         {
957             528,
958             {
959                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b,
960                 0x17, 0x03, 0x03, 0x02, 0x00, 0x00, 0x00, 0x00,
961
962                 0x06, 0xdb, 0x1f, 0x1f, 0x36, 0x8d, 0x69, 0x6a,
963                 0x81, 0x0a, 0x34, 0x9c, 0x0c, 0x71, 0x4c, 0x9a,
964                 0x5e, 0x78, 0x50, 0xc2, 0x40, 0x7d, 0x72, 0x1a,
965                 0xcd, 0xed, 0x95, 0xe0, 0x18, 0xd7, 0xa8, 0x52,
966
967                 0x66, 0xa6, 0xe1, 0x28, 0x9c, 0xdb, 0x4a, 0xeb,
968                 0x18, 0xda, 0x5a, 0xc8, 0xa2, 0xb0, 0x02, 0x6d,
969                 0x24, 0xa5, 0x9a, 0xd4, 0x85, 0x22, 0x7f, 0x3e,
970                 0xae, 0xdb, 0xb2, 0xe7, 0xe3, 0x5e, 0x1c, 0x66,
971
972                 0xcd, 0x60, 0xf9, 0xab, 0xf7, 0x16, 0xdc, 0xc9,
973                 0xac, 0x42, 0x68, 0x2d, 0xd7, 0xda, 0xb2, 0x87,
974                 0xa7, 0x02, 0x4c, 0x4e, 0xef, 0xc3, 0x21, 0xcc,
975                 0x05, 0x74, 0xe1, 0x67, 0x93, 0xe3, 0x7c, 0xec,
976
977                 0x03, 0xc5, 0xbd, 0xa4, 0x2b, 0x54, 0xc1, 0x14,
978                 0xa8, 0x0b, 0x57, 0xaf, 0x26, 0x41, 0x6c, 0x7b,
979                 0xe7, 0x42, 0x00, 0x5e, 0x20, 0x85, 0x5c, 0x73,
980                 0xe2, 0x1d, 0xc8, 0xe2, 0xed, 0xc9, 0xd4, 0x35,
981
982                 0xcb, 0x6f, 0x60, 0x59, 0x28, 0x00, 0x11, 0xc2,
983                 0x70, 0xb7, 0x15, 0x70, 0x05, 0x1c, 0x1c, 0x9b,
984                 0x30, 0x52, 0x12, 0x66, 0x20, 0xbc, 0x1e, 0x27,
985                 0x30, 0xfa, 0x06, 0x6c, 0x7a, 0x50, 0x9d, 0x53,
986
987                 0xc6, 0x0e, 0x5a, 0xe1, 0xb4, 0x0a, 0xa6, 0xe3,
988                 0x9e, 0x49, 0x66, 0x92, 0x28, 0xc9, 0x0e, 0xec,
989                 0xb4, 0xa5, 0x0d, 0xb3, 0x2a, 0x50, 0xbc, 0x49,
990                 0xe9, 0x0b, 0x4f, 0x4b, 0x35, 0x9a, 0x1d, 0xfd,
991
992                 0x11, 0x74, 0x9c, 0xd3, 0x86, 0x7f, 0xcf, 0x2f,
993                 0xb7, 0xbb, 0x6c, 0xd4, 0x73, 0x8f, 0x6a, 0x4a,
994                 0xd6, 0xf7, 0xca, 0x50, 0x58, 0xf7, 0x61, 0x88,
995                 0x45, 0xaf, 0x9f, 0x02, 0x0f, 0x6c, 0x3b, 0x96,
996
997                 0x7b, 0x8f, 0x4c, 0xd4, 0xa9, 0x1e, 0x28, 0x13,
998                 0xb5, 0x07, 0xae, 0x66, 0xf2, 0xd3, 0x5c, 0x18,
999                 0x28, 0x4f, 0x72, 0x92, 0x18, 0x60, 0x62, 0xe1,
1000                 0x0f, 0xd5, 0x51, 0x0d, 0x18, 0x77, 0x53, 0x51,
1001
1002                 0xef, 0x33, 0x4e, 0x76, 0x34, 0xab, 0x47, 0x43,
1003                 0xf5, 0xb6, 0x8f, 0x49, 0xad, 0xca, 0xb3, 0x84,
1004                 0xd3, 0xfd, 0x75, 0xf7, 0x39, 0x0f, 0x40, 0x06,
1005                 0xef, 0x2a, 0x29, 0x5c, 0x8c, 0x7a, 0x07, 0x6a,
1006
1007                 0xd5, 0x45, 0x46, 0xcd, 0x25, 0xd2, 0x10, 0x7f,
1008                 0xbe, 0x14, 0x36, 0xc8, 0x40, 0x92, 0x4a, 0xae,
1009                 0xbe, 0x5b, 0x37, 0x08, 0x93, 0xcd, 0x63, 0xd1,
1010                 0x32, 0x5b, 0x86, 0x16, 0xfc, 0x48, 0x10, 0x88,
1011
1012                 0x6b, 0xc1, 0x52, 0xc5, 0x32, 0x21, 0xb6, 0xdf,
1013                 0x37, 0x31, 0x19, 0x39, 0x32, 0x55, 0xee, 0x72,
1014                 0xbc, 0xaa, 0x88, 0x01, 0x74, 0xf1, 0x71, 0x7f,
1015                 0x91, 0x84, 0xfa, 0x91, 0x64, 0x6f, 0x17, 0xa2,
1016
1017                 0x4a, 0xc5, 0x5d, 0x16, 0xbf, 0xdd, 0xca, 0x95,
1018                 0x81, 0xa9, 0x2e, 0xda, 0x47, 0x92, 0x01, 0xf0,
1019                 0xed, 0xbf, 0x63, 0x36, 0x00, 0xd6, 0x06, 0x6d,
1020                 0x1a, 0xb3, 0x6d, 0x5d, 0x24, 0x15, 0xd7, 0x13,
1021
1022                 0x51, 0xbb, 0xcd, 0x60, 0x8a, 0x25, 0x10, 0x8d,
1023                 0x25, 0x64, 0x19, 0x92, 0xc1, 0xf2, 0x6c, 0x53,
1024                 0x1c, 0xf9, 0xf9, 0x02, 0x03, 0xbc, 0x4c, 0xc1,
1025                 0x9f, 0x59, 0x27, 0xd8, 0x34, 0xb0, 0xa4, 0x71,
1026
1027                 0x16, 0xd3, 0x88, 0x4b, 0xbb, 0x16, 0x4b, 0x8e,
1028                 0xc8, 0x83, 0xd1, 0xac, 0x83, 0x2e, 0x56, 0xb3,
1029                 0x91, 0x8a, 0x98, 0x60, 0x1a, 0x08, 0xd1, 0x71,
1030                 0x88, 0x15, 0x41, 0xd5, 0x94, 0xdb, 0x39, 0x9c,
1031
1032                 0x6a, 0xe6, 0x15, 0x12, 0x21, 0x74, 0x5a, 0xec,
1033                 0x81, 0x4c, 0x45, 0xb0, 0xb0, 0x5b, 0x56, 0x54,
1034                 0x36, 0xfd, 0x6f, 0x13, 0x7a, 0xa1, 0x0a, 0x0c,
1035                 0x0b, 0x64, 0x37, 0x61, 0xdb, 0xd6, 0xf9, 0xa9,
1036
1037                 0xdc, 0xb9, 0x9b, 0x1a, 0x6e, 0x69, 0x08, 0x54,
1038                 0xce, 0x07, 0x69, 0xcd, 0xe3, 0x97, 0x61, 0xd8,
1039                 0x2f, 0xcd, 0xec, 0x15, 0xf0, 0xd9, 0x2d, 0x7d,
1040                 0x8e, 0x94, 0xad, 0xe8, 0xeb, 0x83, 0xfb, 0xe0
1041             }
1042         },
1043         {
1044             32,
1045             {
1046                 0x99, 0xe5, 0x82, 0x2d, 0xd4, 0x17, 0x3c, 0x99,
1047                 0x5e, 0x3d, 0xae, 0x0d, 0xde, 0xfb, 0x97, 0x74,
1048                 0x3f, 0xde, 0x3b, 0x08, 0x01, 0x34, 0xb3, 0x9f,
1049                 0x76, 0xe9, 0xbf, 0x8d, 0x0e, 0x88, 0xd5, 0x46
1050             }
1051         },
1052         {
1053             16,
1054             {
1055                 0x26, 0x37, 0x40, 0x8f, 0xe1, 0x30, 0x86, 0xea,
1056                 0x73, 0xf9, 0x71, 0xe3, 0x42, 0x5e, 0x28, 0x20
1057             }
1058         },
1059     },
1060     /*
1061      * test vectors from Hanno Böck
1062      */
1063     {
1064         {
1065             257,
1066             {
1067                 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc,
1068                 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc,
1069                 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc,
1070                 0xcc, 0x80, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc,
1071
1072                 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc,
1073                 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc,
1074                 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc,
1075                 0xcc, 0xcc, 0xcc, 0xcc, 0xce, 0xcc, 0xcc, 0xcc,
1076
1077                 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc,
1078                 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xc5,
1079                 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc,
1080                 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc,
1081
1082                 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xe3, 0xcc, 0xcc,
1083                 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc,
1084                 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc,
1085                 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc,
1086
1087                 0xcc, 0xcc, 0xcc, 0xcc, 0xac, 0xcc, 0xcc, 0xcc,
1088                 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xe6,
1089                 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x00, 0x00, 0x00,
1090                 0xaf, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc,
1091
1092                 0xcc, 0xcc, 0xff, 0xff, 0xff, 0xf5, 0x00, 0x00,
1093                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1094                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1095                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1096
1097                 0x00, 0xff, 0xff, 0xff, 0xe7, 0x00, 0x00, 0x00,
1098                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1099                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1100                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1101
1102                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1103                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1104                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1105                 0x00, 0x00, 0x71, 0x92, 0x05, 0xa8, 0x52, 0x1d,
1106
1107                 0xfc
1108             }
1109         },
1110         {
1111             32,
1112             {
1113                 0x7f, 0x1b, 0x02, 0x64, 0x00, 0x00, 0x00, 0x00,
1114                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1115                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1116                 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc
1117             }
1118         },
1119         {
1120             16,
1121             {
1122                 0x85, 0x59, 0xb8, 0x76, 0xec, 0xee, 0xd6, 0x6e,
1123                 0xb3, 0x77, 0x98, 0xc0, 0x45, 0x7b, 0xaf, 0xf9
1124             }
1125         },
1126     },
1127     {
1128         {
1129             39,
1130             {
1131                 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1132                 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1133                 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1134                 0xaa, 0xaa, 0xaa, 0x00, 0x00, 0x00, 0x00, 0x00,
1135
1136                 0x00, 0x00, 0x00, 0x00, 0x80, 0x02, 0x64
1137             }
1138         },
1139         {
1140             32,
1141             {
1142                 0xe0, 0x00, 0x16, 0x00, 0x00, 0x00, 0x00, 0x00,
1143                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1144                 0x00, 0x00, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
1145                 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa
1146             }
1147         },
1148         {
1149             16,
1150             {
1151                 0x00, 0xbd, 0x12, 0x58, 0x97, 0x8e, 0x20, 0x54,
1152                 0x44, 0xc9, 0xaa, 0xaa, 0x82, 0x00, 0x6f, 0xed
1153             }
1154         },
1155     },
1156     {
1157         {
1158             2,
1159             {
1160                 0x02, 0xfc
1161             }
1162         },
1163         {
1164             32,
1165             {
1166                 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
1167                 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
1168                 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
1169                 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c
1170             }
1171         },
1172         {
1173             16,
1174             {
1175                 0x06, 0x12, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c,
1176                 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c
1177             }
1178         },
1179     },
1180     {
1181         {
1182             415,
1183             {
1184                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b,
1185                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b,
1186                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b,
1187                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b,
1188
1189                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7a, 0x7b,
1190                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b,
1191                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b,
1192                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b,
1193
1194                 0x7b, 0x7b, 0x5c, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b,
1195                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b,
1196                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b,
1197                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b,
1198
1199                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b,
1200                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b,
1201                 0x7b, 0x7b, 0x7b, 0x7b, 0x6e, 0x7b, 0x00, 0x7b,
1202                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b,
1203
1204                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b,
1205                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b,
1206                 0x7b, 0x7b, 0x7b, 0x7a, 0x7b, 0x7b, 0x7b, 0x7b,
1207                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b,
1208
1209                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b,
1210                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x5c,
1211                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b,
1212                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b,
1213
1214                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b,
1215                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b,
1216                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b,
1217                 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b, 0x7b,
1218
1219                 0x7b, 0x6e, 0x7b, 0x00, 0x13, 0x00, 0x00, 0x00,
1220                 0x00, 0xb3, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1221                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1222                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1223
1224                 0xf2, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1225                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1226                 0x00, 0x00, 0x00, 0x20, 0x00, 0xef, 0xff, 0x00,
1227                 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1228
1229                 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00,
1230                 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x64, 0x00,
1231                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1232                 0x00, 0x00, 0x00, 0x13, 0x00, 0x00, 0x00, 0x00,
1233
1234                 0xb3, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1235                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1236                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xf2,
1237                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1238
1239                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1240                 0x00, 0x00, 0x20, 0x00, 0xef, 0xff, 0x00, 0x09,
1241                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1242                 0x00, 0x7a, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00,
1243
1244                 0x00, 0x09, 0x00, 0x00, 0x00, 0x64, 0x00, 0x00,
1245                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1246                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1247                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc
1248             }
1249         },
1250         {
1251             32,
1252             {
1253                 0x00, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1254                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1255                 0x00, 0x00, 0x00, 0x00, 0x00, 0x1e, 0x00, 0x00,
1256                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b, 0x7b
1257             }
1258         },
1259         {
1260             16,
1261             {
1262                 0x33, 0x20, 0x5b, 0xbf, 0x9e, 0x9f, 0x8f, 0x72,
1263                 0x12, 0xab, 0x9e, 0x2a, 0xb9, 0xb7, 0xe4, 0xa5
1264             }
1265         },
1266     },
1267     {
1268         {
1269             118,
1270             {
1271                 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77,
1272                 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77,
1273                 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77,
1274                 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77,
1275
1276                 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77,
1277                 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77,
1278                 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77,
1279                 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77,
1280
1281                 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77,
1282                 0x77, 0x77, 0x77, 0x77, 0xff, 0xff, 0xff, 0xe9,
1283                 0xe9, 0xac, 0xac, 0xac, 0xac, 0xac, 0xac, 0xac,
1284                 0xac, 0xac, 0xac, 0xac, 0x00, 0x00, 0xac, 0xac,
1285
1286                 0xec, 0x01, 0x00, 0xac, 0xac, 0xac, 0x2c, 0xac,
1287                 0xa2, 0xac, 0xac, 0xac, 0xac, 0xac, 0xac, 0xac,
1288                 0xac, 0xac, 0xac, 0xac, 0x64, 0xf2
1289             }
1290         },
1291         {
1292             32,
1293             {
1294                 0x00, 0x00, 0x00, 0x7f, 0x00, 0x00, 0x00, 0x7f,
1295                 0x01, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00,
1296                 0x00, 0x00, 0xcf, 0x77, 0x77, 0x77, 0x77, 0x77,
1297                 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77, 0x77
1298             }
1299         },
1300         {
1301             16,
1302             {
1303                 0x02, 0xee, 0x7c, 0x8c, 0x54, 0x6d, 0xde, 0xb1,
1304                 0xa4, 0x67, 0xe4, 0xc3, 0x98, 0x11, 0x58, 0xb9
1305             }
1306         },
1307     },
1308     /*
1309      * test vectors from Andrew Moon
1310      */
1311     { /* nacl */
1312         {
1313             131,
1314             {
1315                 0x8e, 0x99, 0x3b, 0x9f, 0x48, 0x68, 0x12, 0x73,
1316                 0xc2, 0x96, 0x50, 0xba, 0x32, 0xfc, 0x76, 0xce,
1317                 0x48, 0x33, 0x2e, 0xa7, 0x16, 0x4d, 0x96, 0xa4,
1318                 0x47, 0x6f, 0xb8, 0xc5, 0x31, 0xa1, 0x18, 0x6a,
1319
1320                 0xc0, 0xdf, 0xc1, 0x7c, 0x98, 0xdc, 0xe8, 0x7b,
1321                 0x4d, 0xa7, 0xf0, 0x11, 0xec, 0x48, 0xc9, 0x72,
1322                 0x71, 0xd2, 0xc2, 0x0f, 0x9b, 0x92, 0x8f, 0xe2,
1323                 0x27, 0x0d, 0x6f, 0xb8, 0x63, 0xd5, 0x17, 0x38,
1324
1325                 0xb4, 0x8e, 0xee, 0xe3, 0x14, 0xa7, 0xcc, 0x8a,
1326                 0xb9, 0x32, 0x16, 0x45, 0x48, 0xe5, 0x26, 0xae,
1327                 0x90, 0x22, 0x43, 0x68, 0x51, 0x7a, 0xcf, 0xea,
1328                 0xbd, 0x6b, 0xb3, 0x73, 0x2b, 0xc0, 0xe9, 0xda,
1329
1330                 0x99, 0x83, 0x2b, 0x61, 0xca, 0x01, 0xb6, 0xde,
1331                 0x56, 0x24, 0x4a, 0x9e, 0x88, 0xd5, 0xf9, 0xb3,
1332                 0x79, 0x73, 0xf6, 0x22, 0xa4, 0x3d, 0x14, 0xa6,
1333                 0x59, 0x9b, 0x1f, 0x65, 0x4c, 0xb4, 0x5a, 0x74,
1334
1335                 0xe3, 0x55, 0xa5
1336             }
1337         },
1338         {
1339             32,
1340             {
1341                 0xee, 0xa6, 0xa7, 0x25, 0x1c, 0x1e, 0x72, 0x91,
1342                 0x6d, 0x11, 0xc2, 0xcb, 0x21, 0x4d, 0x3c, 0x25,
1343                 0x25, 0x39, 0x12, 0x1d, 0x8e, 0x23, 0x4e, 0x65,
1344                 0x2d, 0x65, 0x1f, 0xa4, 0xc8, 0xcf, 0xf8, 0x80
1345             }
1346         },
1347         {
1348             16,
1349             {
1350                 0xf3, 0xff, 0xc7, 0x70, 0x3f, 0x94, 0x00, 0xe5,
1351                 0x2a, 0x7d, 0xfb, 0x4b, 0x3d, 0x33, 0x05, 0xd9
1352             }
1353         },
1354     },
1355     { /* wrap 2^130-5 */
1356         {
1357             16,
1358             {
1359                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1360                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
1361             }
1362         },
1363         {
1364             32,
1365             {
1366                 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1367                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1368                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1369                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1370             }
1371         },
1372         {
1373             16,
1374             {
1375                 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1376                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1377             }
1378         },
1379     },
1380     { /* wrap 2^128 */
1381         {
1382             16,
1383             {
1384                 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1385                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1386             }
1387         },
1388         {
1389             32,
1390             {
1391                 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1392                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1393                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1394                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
1395             }
1396         },
1397         {
1398             16,
1399             {
1400                 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1401                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1402             }
1403         },
1404     },
1405     { /* limb carry */
1406         {
1407             48,
1408             {
1409                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1410                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1411                 0xf0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1412                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1413
1414                 0x11, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1415                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1416             }
1417         },
1418         {
1419             32,
1420             {
1421                 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1422                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1423                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1424                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1425             }
1426         },
1427         {
1428             16,
1429             {
1430                 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1431                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1432             }
1433         },
1434     },
1435     { /* 2^130-5 */
1436         {
1437             48,
1438             {
1439                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1440                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1441                 0xfb, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe,
1442                 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe,
1443
1444                 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
1445                 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01
1446             }
1447         },
1448         {
1449             32,
1450             {
1451                 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1452                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1453                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1454                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1455             }
1456         },
1457         {
1458             16,
1459             {
1460                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1461                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1462
1463             }
1464         },
1465     },
1466     { /* 2^130-6 */
1467         {
1468             16,
1469             {
1470                 0xfd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1471                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
1472             }
1473         },
1474         {
1475             32,
1476             {
1477                 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1478                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1479                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1480                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1481             }
1482         },
1483         {
1484             16,
1485             {
1486                 0xfa, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
1487                 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
1488             }
1489         },
1490     },
1491     { /* 5*H+L reduction intermediate */
1492         {
1493             64,
1494             {
1495                 0xe3, 0x35, 0x94, 0xd7, 0x50, 0x5e, 0x43, 0xb9,
1496                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1497                 0x33, 0x94, 0xd7, 0x50, 0x5e, 0x43, 0x79, 0xcd,
1498                 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1499
1500                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1501                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1502                 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1503                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1504             }
1505         },
1506         {
1507             32,
1508             {
1509                 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1510                 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1511                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1512                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1513             }
1514         },
1515         {
1516             16,
1517             {
1518                 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1519                 0x55, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1520             }
1521         },
1522     },
1523     { /* 5*H+L reduction final */
1524         {
1525             48,
1526             {
1527                 0xe3, 0x35, 0x94, 0xd7, 0x50, 0x5e, 0x43, 0xb9,
1528                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1529                 0x33, 0x94, 0xd7, 0x50, 0x5e, 0x43, 0x79, 0xcd,
1530                 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1531
1532                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1533                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1534
1535             }
1536         },
1537         {
1538             32,
1539             {
1540                 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1541                 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1542                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1543                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1544             }
1545         },
1546         {
1547             16,
1548             {
1549                 0x13, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1550                 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
1551             }
1552         }
1553     }
1554 };
1555
1556 static int test_poly1305(int idx)
1557 {
1558     POLY1305 poly1305;
1559     const TESTDATA test = tests[idx];
1560     const unsigned char *in = test.input.data;
1561     size_t inlen = test.input.size;
1562     const unsigned char *key = test.key.data;
1563     const unsigned char *expected = test.expected.data;
1564     size_t expectedlen = test.expected.size;
1565     unsigned char out[16];
1566
1567     if (expectedlen != sizeof(out))
1568         return 0;
1569
1570     Poly1305_Init(&poly1305, key);
1571     Poly1305_Update(&poly1305, in, inlen);
1572     Poly1305_Final(&poly1305, out);
1573
1574     if (memcmp(out, expected, expectedlen) != 0) {
1575         fprintf(stderr, "Poly1305 test #%d failed.\n", idx);
1576         fprintf(stderr, "got:      ");
1577         hexdump(out, sizeof(out));
1578         fprintf(stderr, "\nexpected: ");
1579         hexdump(expected, expectedlen);
1580         fprintf(stderr, "\n");
1581         return 0;
1582     }
1583
1584     if (inlen > 16) {
1585         Poly1305_Init(&poly1305, key);
1586         Poly1305_Update(&poly1305, in, 1);
1587         Poly1305_Update(&poly1305, in+1, inlen-1);
1588         Poly1305_Final(&poly1305, out);
1589
1590         if (memcmp(out, expected, expectedlen) != 0) {
1591             fprintf(stderr, "Poly1305 test #%d/1+(N-1) failed.\n", idx);
1592             fprintf(stderr, "got:      ");
1593             hexdump(out, sizeof(out));
1594             fprintf(stderr, "\nexpected: ");
1595             hexdump(expected, expectedlen);
1596             fprintf(stderr, "\n");
1597             return 0;
1598         }
1599     }
1600
1601     if (inlen > 32) {
1602         size_t half = inlen / 2;
1603
1604         Poly1305_Init(&poly1305, key);
1605         Poly1305_Update(&poly1305, in, half);
1606         Poly1305_Update(&poly1305, in+half, inlen-half);
1607         Poly1305_Final(&poly1305, out);
1608
1609         if (memcmp(out, expected, expectedlen) != 0) {
1610             fprintf(stderr, "Poly1305 test #%d/2 failed.\n", idx);
1611             fprintf(stderr, "got:      ");
1612             hexdump(out, sizeof(out));
1613             fprintf(stderr, "\nexpected: ");
1614             hexdump(expected, expectedlen);
1615             fprintf(stderr, "\n");
1616             return 0;
1617         }
1618
1619         for (half = 16; half < inlen; half += 16) {
1620             Poly1305_Init(&poly1305, key);
1621             Poly1305_Update(&poly1305, in, half);
1622             Poly1305_Update(&poly1305, in+half, inlen-half);
1623             Poly1305_Final(&poly1305, out);
1624
1625             if (memcmp(out, expected, expectedlen) != 0) {
1626                 fprintf(stderr, "Poly1305 test #%d/%" OSSLzu "+%" OSSLzu " failed.\n",
1627                        idx, half, inlen-half);
1628                 fprintf(stderr, "got:      ");
1629                 hexdump(out, sizeof(out));
1630                 fprintf(stderr, "\nexpected: ");
1631                 hexdump(expected, expectedlen);
1632                 fprintf(stderr, "\n");
1633                 return 0;
1634             }
1635         }
1636     }
1637
1638     return 1;
1639 }
1640
1641 int main(int argc, char **argv)
1642 {
1643     int result = 0;
1644     int iter_argv;
1645     int benchmark = 0;
1646
1647     for (iter_argv = 1; iter_argv < argc; iter_argv++) {
1648         if (strcmp(argv[iter_argv], "-b") == 0)
1649             benchmark = 1;
1650         else if (strcmp(argv[iter_argv], "-h") == 0)
1651             goto help;
1652     }
1653
1654     ADD_ALL_TESTS(test_poly1305, OSSL_NELEM(tests));
1655
1656     result = run_tests(argv[0]);
1657
1658     if (benchmark)
1659         benchmark_poly1305();
1660
1661     return result;
1662
1663  help:
1664     printf("-h\tThis help\n");
1665     printf("-b\tBenchmark in addition to the tests\n");
1666
1667     return 0;
1668 }