Add some negative testing for ecdsa_verify()
diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function
index 88e07a9..491ab43 100644
--- a/tests/suites/test_suite_ecdsa.function
+++ b/tests/suites/test_suite_ecdsa.function
@@ -87,6 +87,16 @@
TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash, hlen, &Q, &r_check, &s_check ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_sub_int( &r, &r, 1 ) == 0 );
+ TEST_ASSERT( mbedtls_mpi_add_int( &s, &s, 1 ) == 0 );
+
+ TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash, hlen,
+ &Q, &r, &s_check ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
+ TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash, hlen,
+ &Q, &r_check, &s ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
+ TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash, hlen,
+ &grp.G, &r_check, &s_check ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
+
exit:
mbedtls_ecp_group_free( &grp );
mbedtls_ecp_point_free( &Q );
@@ -178,13 +188,13 @@
/* try modifying r */
sig[10]++;
TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
- sig, sig_len ) != 0 );
+ sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
sig[10]--;
/* try modifying s */
sig[sig_len - 1]++;
TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
- sig, sig_len ) != 0 );
+ sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
sig[sig_len - 1]--;
exit: