• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2025-2025 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "cmgetappcert_fuzzer.h"
17 
18 #include "cert_manager_api.h"
19 #include "cm_fuzz_test_common.h"
20 #include "cm_test_common.h"
21 
22 namespace {
23 const uint32_t UINT32_COUNT = 4;
24 const uint32_t CM_BLOB_COUNT = 2;
25 }
26 
27 using namespace CmFuzzTest;
28 namespace OHOS {
CreateCredCert(struct Credential & credCert,uint8_t * myData,uint32_t & remainSize,uint32_t & offset)29     static bool CreateCredCert(struct Credential &credCert, uint8_t *myData,
30         uint32_t &remainSize, uint32_t &offset)
31     {
32         if (!GetCmBlobFromBuffer(myData, &remainSize, &offset, &credCert.credData)) {
33             return false;
34         }
35         uint32_t isExist;
36         if (!GetUintFromBuffer(myData, &remainSize, &offset, &isExist)) {
37             return false;
38         }
39         uint32_t certNum;
40         if (!GetUintFromBuffer(myData, &remainSize, &offset, &certNum)) {
41             return false;
42         }
43         uint32_t keyNum;
44         if (!GetUintFromBuffer(myData, &remainSize, &offset, &keyNum)) {
45             return false;
46         }
47         credCert.isExist = isExist;
48         credCert.certNum = certNum;
49         credCert.keyNum = keyNum;
50         return true;
51     }
52 
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)53     bool DoSomethingInterestingWithMyAPI(const uint8_t* data, size_t size)
54     {
55         uint32_t minSize = sizeof(struct CmBlob) * CM_BLOB_COUNT + sizeof(uint32_t) * UINT32_COUNT;
56         uint8_t *myData = nullptr;
57         if (!CopyMyData(data, size, minSize, &myData)) {
58             return false;
59         }
60 
61         uint32_t remainSize = static_cast<uint32_t>(size);
62         uint32_t offset = 0;
63         struct CmBlob appCertUri = { 0, nullptr };
64         if (!GetCmBlobFromBuffer(myData, &remainSize, &offset, &appCertUri)) {
65             CmFree(myData);
66             return false;
67         }
68         uint32_t store;
69         if (!GetUintFromBuffer(myData, &remainSize, &offset, &store)) {
70             CmFree(myData);
71             return false;
72         }
73 
74         struct CmBlob credData = { 0, nullptr };
75 
76         struct Credential credCert = {
77             .type = "type",
78             .alias = "alias",
79             .keyUri = "uri",
80             .credData = credData
81         };
82 
83         if (!CreateCredCert(credCert, myData, remainSize, offset)) {
84             CmFree(myData);
85             return false;
86         }
87 
88         CertmanagerTest::MockHapToken mockHap;
89         (void)CmGetAppCert(&appCertUri, store, &credCert);
90 
91         CmFree(myData);
92         return true;
93     }
94 }
95 
96 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)97 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
98 {
99     /* Run your code on data */
100     OHOS::DoSomethingInterestingWithMyAPI(data, size);
101     return 0;
102 }
103