From d0a66ccde3c0e7cb99d9f67aa436cf13535b2e3e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
 <manuel.pegourie-gonnard@arm.com>
Date: Wed, 13 Jun 2018 09:53:21 +0200
Subject: [PATCH] post-merge: fix ECDSA test vector testing

The way we do negative tests only works if the initial test was positive.

This was not immediately apparent with the set of test data at the time the
code for negative testing was introduced, but it became apparent with the
addition of the "0 private value" / "overlong private value" tests that
happened in development while this branch was developed.
---
 tests/suites/test_suite_ecdsa.function | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function
index 4e4ee6d54..d87c98e4c 100644
--- a/tests/suites/test_suite_ecdsa.function
+++ b/tests/suites/test_suite_ecdsa.function
@@ -88,18 +88,18 @@ void ecdsa_prim_test_vectors( int id, char *d_str, char *xQ_str, char *yQ_str,
         TEST_ASSERT( mbedtls_mpi_cmp_mpi( &s, &s_check ) == 0 );
 
         TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash, hlen, &Q, &r_check, &s_check ) == 0 );
+
+        TEST_ASSERT( mbedtls_mpi_sub_int( &r, &r, 1 ) == 0 );
+        TEST_ASSERT( mbedtls_mpi_add_int( &s, &s, 1 ) == 0 );
+
+        TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash, hlen,
+                     &Q, &r, &s_check ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
+        TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash, hlen,
+                     &Q, &r_check, &s ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
+        TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash, hlen,
+                     &grp.G, &r_check, &s_check ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
     }
 
-    TEST_ASSERT( mbedtls_mpi_sub_int( &r, &r, 1 ) == 0 );
-    TEST_ASSERT( mbedtls_mpi_add_int( &s, &s, 1 ) == 0 );
-
-    TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash, hlen,
-                 &Q, &r, &s_check ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
-    TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash, hlen,
-                 &Q, &r_check, &s ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
-    TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash, hlen,
-                 &grp.G, &r_check, &s_check ) == MBEDTLS_ERR_ECP_VERIFY_FAILED );
-
 exit:
     mbedtls_ecp_group_free( &grp );
     mbedtls_ecp_point_free( &Q );