• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2025-2025 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "cminstallsystemappcert_fuzzer.h"
17 
18 #include "cert_manager_api.h"
19 #include "cm_fuzz_test_common.h"
20 #include "cm_test_common.h"
21 
22 namespace {
23 const uint32_t MAX_LEVEL = 5;
24 }
25 
26 using namespace CmFuzzTest;
27 namespace OHOS {
28 
CreateCertParam(struct CmAppCertParam & certParam,uint8_t * myData,uint32_t & remainSize,uint32_t & offset)29     static bool CreateCertParam(struct CmAppCertParam &certParam, uint8_t *myData,
30         uint32_t &remainSize, uint32_t &offset)
31     {
32         if (!GetCmBlobFromBuffer(myData, &remainSize, &offset, certParam.appCert)) {
33             return false;
34         }
35 
36         if (!GetCmBlobFromBuffer(myData, &remainSize, &offset, certParam.appCertPwd)) {
37             return false;
38         }
39 
40         if (!GetCmBlobFromBuffer(myData, &remainSize, &offset, certParam.certAlias)) {
41             return false;
42         }
43 
44         uint32_t store;
45         if (!GetUintFromBuffer(myData, &remainSize, &offset, &store)) {
46             return false;
47         }
48 
49         uint32_t userId;
50         if (!GetUintFromBuffer(myData, &remainSize, &offset, &userId)) {
51             return false;
52         }
53 
54         uint32_t level;
55         if (!GetUintFromBuffer(myData, &remainSize, &offset, &level)) {
56             return false;
57         }
58         level = level % MAX_LEVEL;
59 
60         certParam.store = store;
61         certParam.userId = userId;
62         certParam.level = static_cast<CmAuthStorageLevel>(level);
63         return true;
64     }
65 
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)66     bool DoSomethingInterestingWithMyAPI(const uint8_t* data, size_t size)
67     {
68         uint32_t minSize = sizeof(struct CmAppCertParam) + sizeof(struct CmBlob);
69         uint8_t *myData = nullptr;
70         if (!CopyMyData(data, size, minSize, &myData)) {
71             return false;
72         }
73 
74         uint32_t remainSize = static_cast<uint32_t>(size);
75         uint32_t offset = 0;
76 
77         struct CmBlob appCert = { 0, nullptr };
78         struct CmBlob appCertPwd = { 0, nullptr };
79         struct CmBlob certAlias = { 0, nullptr };
80 
81         struct CmAppCertParam certParam = {
82             certParam.appCert = &appCert,
83             certParam.appCertPwd = &appCertPwd,
84             certParam.certAlias = &certAlias
85         };
86 
87         if (!CreateCertParam(certParam, myData, remainSize, offset)) {
88             CmFree(myData);
89             return false;
90         }
91 
92         struct CmBlob keyUri = { 0, nullptr };
93         if (!GetCmBlobFromBuffer(myData, &remainSize, &offset, &keyUri)) {
94             CmFree(myData);
95             return false;
96         }
97 
98         CertmanagerTest::MockHapToken mockHap;
99         (void)CmInstallSystemAppCert(&certParam, &keyUri);
100 
101         CmFree(myData);
102         return true;
103     }
104 }
105 
106 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)107 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
108 {
109     /* Run your code on data */
110     OHOS::DoSomethingInterestingWithMyAPI(data, size);
111     return 0;
112 }
113