From 7beac5cad91bef88ce13f38d53ef889cbf2a7d8a Mon Sep 17 00:00:00 2001
From: Mark Wooding <mdw@distorted.org.uk>
Date: Thu, 26 May 2016 09:26:09 +0100
Subject: [PATCH] symm/t/poly1305: Add the tests from Bernstein's original
 paper.

They were tucked away in an appendix and I missed them.  Also, I
implemented from the NaCl paper, which is a better fit for modern usage.
---
 symm/t/poly1305 | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/symm/t/poly1305 b/symm/t/poly1305
index 6f743966..7ec03805 100644
--- a/symm/t/poly1305
+++ b/symm/t/poly1305
@@ -1,4 +1,20 @@
 poly1305-hash {
+  ## The tests from Danial J. Bernstein, `The Poly1305-AES message-
+  ## authentication code', 2005-03-29, Appendix B,
+  ## https://cr.yp.to/mac/poly1305-20050329.pdf
+  851fc40c3467ac0be05cc20404f3f700 580b3b0f9447bb1e69d095b5928b6dbc
+    f3f6
+    f4c633c3044fc145f84f335cb81953de;
+  a0f3080000f46400d0c7e9076c834403 dd3fab2251f11ac759f0887129cc2ee7
+    ""
+    dd3fab2251f11ac759f0887129cc2ee7;
+  48443d0bb0d21109c89a100b5ce2c208 83149c69b561dd88298a1798b10716ef
+    663cea190ffb83d89593f3f476b6bc24d7e679107ea26adb8caf6652d0656136
+    0ee1c16bb73f0f4fd19881753c01cdbe;
+  12976a08c4426d0ce8a82407c4f48207 80f8c20aa71202d1e29179cbcb555a57
+    ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491faf0990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb21095c1bf9
+    5154ad0d2cb26e01274fc51148491f1b;
+
   ## This one's from Daniel J. Bernstein, `Cryptography in NaCL', 2009-03-10,
   ## https://cr.yp.to/highspeed/naclcrypto-20090310.pdf
   eea6a7251c1e72916d11c2cb214d3c25 2539121d8e234e652d651fa4c8cff880
-- 
2.11.0