Strengthen psa_mac_verify testing
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
diff --git a/tests/suites/test_suite_psa_crypto_hash.function b/tests/suites/test_suite_psa_crypto_hash.function
index 8ee459e..bd3012c 100644
--- a/tests/suites/test_suite_psa_crypto_hash.function
+++ b/tests/suites/test_suite_psa_crypto_hash.function
@@ -62,10 +62,16 @@
size_t input_len = strlen(input);
PSA_ASSERT(psa_mac_compute(key, alg, (uint8_t const *) input, input_len, mac, sizeof(mac), &mac_length));
+ // manual comparison against expected MAC
ASSERT_COMPARE(expected_mac->x, expected_mac->len, mac, mac_length);
+ // use psa_mac_verify to compare to expected MAC
PSA_ASSERT(psa_mac_verify(key, alg, (uint8_t const *) input, input_len, expected_mac->x, expected_mac->len));
+ // corrupt the MAC and check that psa_mac_verify fails
+ expected_mac->x[0] ^= 0x7f;
+ TEST_EQUAL(psa_mac_verify(key, alg, (uint8_t const *) input, input_len, expected_mac->x, expected_mac->len), PSA_ERROR_INVALID_SIGNATURE);
+
PSA_ASSERT(psa_destroy_key(key));
exit:
PSA_DONE();