pkcs7/test: Let verify take dynamic number of certs

Previously there were two test functions for verify.
One allowed for the verification of one certificate and
the other allowed for verification of two certificates.

Merge these two functions into one function that can take
any number of certificates as an argument.

Signed-off-by: Nick Child <nick.child@ibm.com>

tests/suites/test_suite_pkcs7.data

@@ -76,15 +76,15 @@ pkcs7_parse:"data_files/pkcs7_data_cert_signeddata_sha256.der":MBEDTLS_PKCS7_SIG
 
 PKCS7 Signed Data Verify with multiple signers #16
 depends_on:MBEDTLS_SHA256_C
-pkcs7_verify_multiple_signers:"data_files/pkcs7_data_multiple_signed.der":"data_files/pkcs7-rsa-sha256-1.crt":"data_files/pkcs7-rsa-sha256-2.crt":"data_files/pkcs7_data.bin":0:0
+pkcs7_verify:"data_files/pkcs7_data_multiple_signed.der":"data_files/pkcs7-rsa-sha256-1.crt data_files/pkcs7-rsa-sha256-2.crt":"data_files/pkcs7_data.bin":0:0
 
 PKCS7 Signed Data Hash Verify with multiple signers #17
 depends_on:MBEDTLS_SHA256_C
-pkcs7_verify_multiple_signers:"data_files/pkcs7_data_multiple_signed.der":"data_files/pkcs7-rsa-sha256-1.crt":"data_files/pkcs7-rsa-sha256-2.crt":"data_files/pkcs7_data.bin":MBEDTLS_MD_SHA256:0
+pkcs7_verify:"data_files/pkcs7_data_multiple_signed.der":"data_files/pkcs7-rsa-sha256-1.crt data_files/pkcs7-rsa-sha256-2.crt":"data_files/pkcs7_data.bin":MBEDTLS_MD_SHA256:0
 
 PKCS7 Signed Data Hash Verify Fail with multiple signers #18
 depends_on:MBEDTLS_SHA256_C:MBEDTLS_SHA512_C
-pkcs7_verify_multiple_signers:"data_files/pkcs7_data_multiple_signed.der":"data_files/pkcs7-rsa-sha256-1.crt":"data_files/pkcs7-rsa-sha256-2.crt":"data_files/pkcs7_data.bin":MBEDTLS_MD_SHA512:MBEDTLS_ERR_PKCS7_VERIFY_FAIL
+pkcs7_verify:"data_files/pkcs7_data_multiple_signed.der":"data_files/pkcs7-rsa-sha256-1.crt data_files/pkcs7-rsa-sha256-2.crt":"data_files/pkcs7_data.bin":MBEDTLS_MD_SHA512:MBEDTLS_ERR_PKCS7_VERIFY_FAIL
 
 PKCS7 Signed Data Verify Fail Expired Cert #19
 depends_on:MBEDTLS_SHA256_C

tests/suites/test_suite_pkcs7.function

@@ -55,96 +55,53 @@ exit:
 /* END_CASE */
 
 /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C */
-void pkcs7_verify(char *pkcs7_file, char *crt, char *filetobesigned, int do_hash_alg,
+void pkcs7_verify(char *pkcs7_file,
+                  char *crt_files,
+                  char *filetobesigned,
+                  int do_hash_alg,
                   int res_expect)
 {
     unsigned char *pkcs7_buf = NULL;
-    size_t buflen;
+    size_t buflen, i, k, cnt = 0, n_crts = 1;
     unsigned char *data = NULL;
+    char **crt_files_arr = NULL;
     unsigned char hash[64];
     struct stat st;
     size_t datalen;
     int res;
     FILE *file;
     const mbedtls_md_info_t *md_info;
-
     mbedtls_pkcs7 pkcs7;
-    mbedtls_x509_crt x509;
+    mbedtls_x509_crt **crts = NULL;
 
-    mbedtls_pkcs7_init(&pkcs7);
-    mbedtls_x509_crt_init(&x509);
 
-    USE_PSA_INIT();
+    /* crt_files are space seprated list */
-
+    for (i = 0; i < strlen(crt_files); i++) {
-    res = mbedtls_x509_crt_parse_file(&x509, crt);
+        if (crt_files[i] == ' ') {
-    TEST_EQUAL(res, 0);
+            n_crts++;
-
+        }
-    res = mbedtls_pk_load_file(pkcs7_file, &pkcs7_buf, &buflen);
-    TEST_EQUAL(res, 0);
-
-    res = mbedtls_pkcs7_parse_der(&pkcs7, pkcs7_buf, buflen);
-    TEST_EQUAL(res, MBEDTLS_PKCS7_SIGNED_DATA);
-
-    res = stat(filetobesigned, &st);
-    TEST_EQUAL(res, 0);
-
-    file = fopen(filetobesigned, "rb");
-    TEST_ASSERT(file != NULL);
-
-    datalen = st.st_size;
-    ASSERT_ALLOC(data, datalen);
-    TEST_ASSERT(data != NULL);
-
-    buflen = fread((void *) data, sizeof(unsigned char), datalen, file);
-    TEST_EQUAL(buflen, datalen);
-    fclose(file);
-
-    if (do_hash_alg) {
-        md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) do_hash_alg);
-
-        res = mbedtls_md(md_info, data, datalen, hash);
-        TEST_EQUAL(res, 0);
-
-        res = mbedtls_pkcs7_signed_hash_verify(&pkcs7, &x509, hash, mbedtls_md_get_size(md_info));
-    } else {
-        res = mbedtls_pkcs7_signed_data_verify(&pkcs7, &x509, data, datalen);
     }
-    TEST_EQUAL(res, res_expect);
 
-exit:
+    ASSERT_ALLOC(crts, sizeof(*crts)*n_crts);
-    mbedtls_x509_crt_free(&x509);
+    ASSERT_ALLOC(crt_files_arr, sizeof(*crt_files_arr)*n_crts);
-    mbedtls_free(data);
-    mbedtls_pkcs7_free(&pkcs7);
-    mbedtls_free(pkcs7_buf);
-    USE_PSA_DONE();
-}
-/* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C */
+    for (i = 0; i < strlen(crt_files); i++) {
-void pkcs7_verify_multiple_signers(char *pkcs7_file,
+        for (k = i; k < strlen(crt_files); k++) {
-                                   char *crt1,
+            if (crt_files[k] == ' ') {
-                                   char *crt2,
+                break;
-                                   char *filetobesigned,
+            }
-                                   int do_hash_alg,
+        }
-                                   int res_expect)
+        ASSERT_ALLOC(crt_files_arr[cnt], (k-i)+1);
-{
+        crt_files_arr[cnt][k-i] = '\0';
-    unsigned char *pkcs7_buf = NULL;
+        memcpy(crt_files_arr[cnt++], crt_files + i, k-i);
-    size_t buflen;
+        i = k;
-    unsigned char *data = NULL;
+    }
-    unsigned char hash[64];
-    struct stat st;
-    size_t datalen;
-    int res;
-    FILE *file;
-    const mbedtls_md_info_t *md_info;
-
-    mbedtls_pkcs7 pkcs7;
-    mbedtls_x509_crt x509_1;
-    mbedtls_x509_crt x509_2;
 
     mbedtls_pkcs7_init(&pkcs7);
-    mbedtls_x509_crt_init(&x509_1);
+    for (i = 0; i < n_crts; i++) {
-    mbedtls_x509_crt_init(&x509_2);
+        ASSERT_ALLOC(crts[i], sizeof(*crts[i]));
+        mbedtls_x509_crt_init(crts[i]);
+    }
 
     USE_PSA_INIT();
 
@@ -154,13 +111,12 @@ void pkcs7_verify_multiple_signers(char *pkcs7_file,
     res = mbedtls_pkcs7_parse_der(&pkcs7, pkcs7_buf, buflen);
     TEST_EQUAL(res, MBEDTLS_PKCS7_SIGNED_DATA);
 
-    TEST_EQUAL(pkcs7.signed_data.no_of_signers, 2);
+    TEST_EQUAL(pkcs7.signed_data.no_of_signers, n_crts);
 
-    res = mbedtls_x509_crt_parse_file(&x509_1, crt1);
+    for (i = 0; i < n_crts; i++) {
-    TEST_EQUAL(res, 0);
+        res = mbedtls_x509_crt_parse_file(crts[i], crt_files_arr[i]);
-
+        TEST_EQUAL(res, 0);
-    res = mbedtls_x509_crt_parse_file(&x509_2, crt2);
+    }
-    TEST_EQUAL(res, 0);
 
     res = stat(filetobesigned, &st);
     TEST_EQUAL(res, 0);
@@ -181,21 +137,29 @@ void pkcs7_verify_multiple_signers(char *pkcs7_file,
         res = mbedtls_md(md_info, data, datalen, hash);
         TEST_EQUAL(res, 0);
 
-        res = mbedtls_pkcs7_signed_hash_verify(&pkcs7, &x509_1, hash, mbedtls_md_get_size(md_info));
+        for (i = 0; i < n_crts; i++) {
-        TEST_EQUAL(res, res_expect);
+            res =
-        res = mbedtls_pkcs7_signed_hash_verify(&pkcs7, &x509_2, hash, mbedtls_md_get_size(md_info));
+                mbedtls_pkcs7_signed_hash_verify(&pkcs7, crts[i], hash,
-        TEST_EQUAL(res, res_expect);
+                                                 mbedtls_md_get_size(md_info));
+            TEST_EQUAL(res, res_expect);
+        }
     } else {
-        res = mbedtls_pkcs7_signed_data_verify(&pkcs7, &x509_1, data, datalen);
+        for (i = 0; i < n_crts; i++) {
-        TEST_EQUAL(res, res_expect);
+            res = mbedtls_pkcs7_signed_data_verify(&pkcs7, crts[i], data, datalen);
-        res = mbedtls_pkcs7_signed_data_verify(&pkcs7, &x509_2, data, datalen);
+            TEST_EQUAL(res, res_expect);
-        TEST_EQUAL(res, res_expect);
+        }
     }
 
 exit:
-    mbedtls_x509_crt_free(&x509_1);
+    for (i = 0; i < n_crts; i++) {
-    mbedtls_x509_crt_free(&x509_2);
+        mbedtls_x509_crt_free(crts[i]);
+        mbedtls_free(crts[i]);
+        mbedtls_free(crt_files_arr[i]);
+    }
+
     mbedtls_pkcs7_free(&pkcs7);
+    mbedtls_free(crt_files_arr);
+    mbedtls_free(crts);
     mbedtls_free(data);
     mbedtls_free(pkcs7_buf);
     USE_PSA_DONE();