Poly1305 test vectors

[jdluzen]

Hello and thanks for this great project. I look forward to when encryption is on by default everywhere.
I am currently porting this project to C#. Test vectors for NH passed easily, however I'm having trouble with Poly1305. As far as I understand it, Poly1305 isn't the stock algorithm, there was a few tweaks to it. How do the other.json and Poly1305.json test vectors work? For the first entry in other.json, the key is 851f... and the message to MAC is f3f6, resulting in f4c6... correct? What is the mask_hex for? I've tried a number of different things, including running the C code in a C++/CLI project to aid in porting, and am still unable to get a test vector to pass.

[ciphergoth]

There are no tweaks - we use a function defined in the Poly1305 paper exactly the way it's defined. In the paper, it's used to build an AES-based MAC, while in RFC 7539 it's used to build an AEAD mode that also uses ChaCha20; we use it for a third purpose. The other.json test vectors are taken directly from the Poly1305 paper, so they illustrate the use of this function to build a MAC; the "mask" is added to the output of the function we use to generate the MAC.