From d2c9f6d256990628f8179ad6e3006f38f6db166d Mon Sep 17 00:00:00 2001
From: Dave Rodgman <dave.rodgman@arm.com>
Date: Thu, 27 Jul 2023 13:00:02 +0100
Subject: [PATCH] Strengthen psa_mac_verify testing

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
---
 tests/suites/test_suite_psa_crypto_hash.function | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/tests/suites/test_suite_psa_crypto_hash.function b/tests/suites/test_suite_psa_crypto_hash.function
index 8ee459e43..bd3012c4d 100644
--- a/tests/suites/test_suite_psa_crypto_hash.function
+++ b/tests/suites/test_suite_psa_crypto_hash.function
@@ -62,10 +62,16 @@ void hmac(int alg_arg, char *input, data_t *expected_mac)
     size_t input_len = strlen(input);
     PSA_ASSERT(psa_mac_compute(key, alg, (uint8_t const *) input, input_len, mac, sizeof(mac), &mac_length));
 
+    // manual comparison against expected MAC
     ASSERT_COMPARE(expected_mac->x, expected_mac->len, mac, mac_length);
 
+    // use psa_mac_verify to compare to expected MAC
     PSA_ASSERT(psa_mac_verify(key, alg, (uint8_t const *) input, input_len, expected_mac->x, expected_mac->len));
 
+    // corrupt the MAC and check that psa_mac_verify fails
+    expected_mac->x[0] ^= 0x7f;
+    TEST_EQUAL(psa_mac_verify(key, alg, (uint8_t const *) input, input_len, expected_mac->x, expected_mac->len), PSA_ERROR_INVALID_SIGNATURE);
+
     PSA_ASSERT(psa_destroy_key(key));
 exit:
     PSA_DONE();