Add some negative testing for ecdsa_verify()

include/mbedtls/ecdsa.h

@@ -120,7 +120,7 @@ int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi
  *                  prescribed by SEC1 4.1.4 step 3.
  *
  * \return          0 if successful,
- *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid
+ *                  MBEDTLS_ERR_ECP_VERIFY_FAILED if signature is invalid
  *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
  */
 int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,

tests/suites/test_suite_ecdsa.function

@@ -87,6 +87,16 @@ void ecdsa_prim_test_vectors( int id, char *d_str, char *xQ_str, char *yQ_str,
 
     TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash, hlen, &Q, &r_check, &s_check ) == 0 );
 
+    TEST_ASSERT( mbedtls_mpi_sub_int( &r, &r, 1 ) == 0 );
+    TEST_ASSERT( mbedtls_mpi_add_int( &s, &s, 1 ) == 0 );
+
+    TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash, hlen,
+                 &Q, &r, &s_check ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
+    TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash, hlen,
+                 &Q, &r_check, &s ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
+    TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash, hlen,
+                 &grp.G, &r_check, &s_check ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
+
 exit:
     mbedtls_ecp_group_free( &grp );
     mbedtls_ecp_point_free( &Q );
@@ -178,13 +188,13 @@ void ecdsa_write_read_random( int id )
     /* try modifying r */
     sig[10]++;
     TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
-                 sig, sig_len ) != 0 );
+                 sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
     sig[10]--;
 
     /* try modifying s */
     sig[sig_len - 1]++;
     TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
-                 sig, sig_len ) != 0 );
+                 sig, sig_len ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
     sig[sig_len - 1]--;
 
 exit: