X-Git-Url: https://bearssl.org/gitweb//home/git/?p=BearSSL;a=blobdiff_plain;f=test%2Ftest_crypto.c;h=7e282ab06c63c24df3723988cf97447bab6aa439;hp=fd0b3968f99f63ec85caa6559b1d7b0940cd9227;hb=ea95d8264c6aefe742a9c3f4f9d834b188566a29;hpb=eaa0d38fa8d514aab87b56c6a27d75fa06cdec7e
diff --git a/test/test_crypto.c b/test/test_crypto.c
index fd0b396..7e282ab 100644
--- a/test/test_crypto.c
+++ b/test/test_crypto.c
@@ -1075,21 +1075,43 @@ test_HMAC_DRBG(void)
 }

 static void
-do_KAT_PRF(
- void (*prf)(void *dst, size_t len,
- const void *secret, size_t secret_len,
- const char *label, const void *seed, size_t seed_len),
+do_KAT_PRF(br_tls_prf_impl prf,
 const char *ssecret, const char *label, const char *sseed,
 const char *sref)
 {
 unsigned char secret[100], seed[100], ref[500], out[500];
 size_t secret_len, seed_len, ref_len;
+ br_tls_prf_seed_chunk chunks[2];

 secret_len = hextobin(secret, ssecret);
 seed_len = hextobin(seed, sseed);
 ref_len = hextobin(ref, sref);
- prf(out, ref_len, secret, secret_len, label, seed, seed_len);
- check_equals("TLS PRF KAT", out, ref, ref_len);
+
+ chunks[0].data = seed;
+ chunks[0].len = seed_len;
+ prf(out, ref_len, secret, secret_len, label, 1, chunks);
+ check_equals("TLS PRF KAT 1", out, ref, ref_len);
+
+ chunks[0].data = seed;
+ chunks[0].len = seed_len;
+ chunks[1].data = NULL;
+ chunks[1].len = 0;
+ prf(out, ref_len, secret, secret_len, label, 2, chunks);
+ check_equals("TLS PRF KAT 2", out, ref, ref_len);
+
+ chunks[0].data = NULL;
+ chunks[0].len = 0;
+ chunks[1].data = seed;
+ chunks[1].len = seed_len;
+ prf(out, ref_len, secret, secret_len, label, 2, chunks);
+ check_equals("TLS PRF KAT 3", out, ref, ref_len);
+
+ chunks[0].data = seed;
+ chunks[0].len = seed_len >> 1;
+ chunks[1].data = seed + chunks[0].len;
+ chunks[1].len = seed_len - chunks[0].len;
+ prf(out, ref_len, secret, secret_len, label, 2, chunks);
+ check_equals("TLS PRF KAT 4", out, ref, ref_len);
 }

 static void
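Review bot: KAT 2, 3 and 4 write into the same `out` buffer that KAT 1 has already filled with the correct bytes and compare it against the same `ref`, so a PRF implementation that writes nothing, or only part of the output, when given two chunks would still pass. Poison the buffer before each of the later calls, e.g. `memset(out, 0xFF, sizeof out);` ahead of the second, third and fourth `prf(...)` call (this assumes `<string.h>` is already included, which the hunk does not show). The split case also covers only the midpoint `seed_len >> 1`; a short loop over every split offset from 0 to `seed_len` would cover chunk boundaries at other positions for little extra run time.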
@@ -5062,6 +5084,39 @@ test_EC_inner(const char *sk, const char *sU,
 fflush(stdout);
 }

+static void
+test_EC_P256_carry_inner(const br_ec_impl *impl, const char *sP, const char *sQ)
+{
+ unsigned char P[65], Q[sizeof P], k[1];
+ size_t plen, qlen;
+
+ plen = hextobin(P, sP);
+ qlen = hextobin(Q, sQ);
+ if (plen != sizeof P || qlen != sizeof P) {
+ fprintf(stderr, "KAT is incorrect\n");
+ exit(EXIT_FAILURE);
+ }
+ k[0] = 0x10;
+ if (impl->mul(P, plen, k, 1, BR_EC_secp256r1) != 1) {
+ fprintf(stderr, "P-256 multiplication failed\n");
+ exit(EXIT_FAILURE);
+ }
+ check_equals("P256_carry", P, Q, plen);
+ printf(".");
+ fflush(stdout);
+}
+
+static void
+test_EC_P256_carry(const br_ec_impl *impl)
+{
+ test_EC_P256_carry_inner(impl,
+ "0435BAA24B2B6E1B3C88E22A383BD88CC4B9A3166E7BCF94FF6591663AE066B33B821EBA1B4FC8EA609A87EB9A9C9A1CCD5C9F42FA1365306F64D7CAA718B8C978",
+ "0447752A76CA890328D34E675C4971EC629132D1FC4863EDB61219B72C4E58DC5E9D51E7B293488CFD913C3CF20E438BB65C2BA66A7D09EABB45B55E804260C5EB");
+ test_EC_P256_carry_inner(impl,
+ "04DCAE9D9CE211223602024A6933BD42F77B6BF4EAB9C8915F058C149419FADD2CC9FC0707B270A1B5362BA4D249AFC8AC3DA1EFCA8270176EEACA525B49EE19E6",
+ "048DAC7B0BE9B3206FCE8B24B6B4AEB122F2A67D13E536B390B6585CA193427E63F222388B5F51D744D6F5D47536D89EEEC89552BCB269E7828019C4410DFE980A");
+}
+
 static void
 test_EC_KAT(const char *name, const br_ec_impl *impl, uint32_t curve_mask)
 {
@@ -5074,6 +5129,7 @@ test_EC_KAT(const char *name, const br_ec_impl *impl, uint32_t curve_mask)
 "C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721",
 "0460FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB67903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299",
 impl, BR_EC_secp256r1);
+ test_EC_P256_carry(impl);
 }
 if (curve_mask & ((uint32_t)1 << BR_EC_secp384r1)) {
 test_EC_inner(
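Review bot: Nothing in `test_EC_P256_carry_inner` or `test_EC_P256_carry` records what the two point pairs exercise or how the expected results were obtained, so a later maintainer cannot tell which arithmetic case they guard or re-derive them. A comment above `test_EC_P256_carry` would fix this, along the lines of `/* Regression vectors: multiplying these points by 0x10 exercises a carry case in the P-256 field arithmetic; expected values computed with <independent implementation>. */`. The "carry" reading is inferred from the function name only, so the author should confirm the wording and fill in the provenance. Separately, `hextobin(P, sP)` and `hextobin(Q, sQ)` write into the 65-byte arrays before the `plen != sizeof P || qlen != sizeof P` check runs. An over-long vector would therefore overrun the buffer before being rejected, unless `hextobin`, which is defined outside this hunk, bounds its output.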