Better tests for signatures and MACs

We currently verify that a message which is signed and then munged in a few specific ways will no longer verify, but I'd like to do better - ideally some form of random permutation of the message according to a few patterns (adding stuff on the end, cutting stuff off, flipping bits, etc).