• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "x509distinguished_name_fuzzer.h"
17 
18 #include <cstddef>
19 #include <cstdint>
20 #include "securec.h"
21 
22 #include "cf_memory.h"
23 #include "cf_blob.h"
24 #include "cf_result.h"
25 #include "x509_distinguished_name.h"
26 
27 namespace OHOS {
28     static char g_nameStr[] = "/CN=John Doe/OU=IT Department/O=ACME Inc./L=San Francisco/ST=California/C=US";
29     static uint8_t g_nameDer[] = {
30         0x30, 0x44, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
31         0x53, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c, 0x44, 0x69,
32         0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x49, 0x6e, 0x63, 0x31, 0x1e, 0x30, 0x1c,
33         0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x15, 0x47, 0x65, 0x6f, 0x54, 0x72, 0x75, 0x73,
34         0x74, 0x20, 0x52, 0x53, 0x41, 0x20, 0x43, 0x4e, 0x20, 0x43, 0x41, 0x20, 0x47, 0x32
35     };
36     static char g_queryStr[] = "CN";
37     static bool g_testFlag = true;
38 
TestQuery(HcfX509DistinguishedName * x509DistinguishedNameObj)39     static void TestQuery(HcfX509DistinguishedName *x509DistinguishedNameObj)
40     {
41         CfBlob name = { 0 };
42         (void)x509DistinguishedNameObj->getName(x509DistinguishedNameObj, nullptr, &name, nullptr);
43 
44         CfArray array = { 0 };
45         CfBlob type = { 0 };
46         type.data = reinterpret_cast<uint8_t *>(g_queryStr);
47         type.size = strlen(g_queryStr) + 1;
48         (void)x509DistinguishedNameObj->getName(x509DistinguishedNameObj, &type, nullptr, &array);
49         CfArrayDataClearAndFree(&array);
50 
51         CfEncodingBlob hashCodeBlob = { 0 };
52         (void)x509DistinguishedNameObj->getEncode(x509DistinguishedNameObj, &hashCodeBlob);
53         CfEncodingBlobDataFree(&hashCodeBlob);
54     }
55 
CreateOneDistinguishedName(void)56     static void CreateOneDistinguishedName(void)
57     {
58         CfBlob nameDerStream = { 0 };
59         nameDerStream.data = g_nameDer;
60         nameDerStream.size = sizeof(g_nameDer) / sizeof(uint8_t) + 1;
61         HcfX509DistinguishedName *x509DistinguishedNameObj = nullptr;
62         CfResult res = HcfX509DistinguishedNameCreate(&nameDerStream, false, &x509DistinguishedNameObj);
63         if (res != CF_SUCCESS) {
64             return;
65         }
66         TestQuery(x509DistinguishedNameObj);
67         CfObjDestroy(x509DistinguishedNameObj);
68 
69         // in param string
70         x509DistinguishedNameObj = nullptr;
71         CfBlob nameStrStream = { 0 };
72         nameStrStream.data = reinterpret_cast<uint8_t *>(g_nameStr);
73         nameStrStream.size = strlen(g_nameStr) + 1;
74         res = HcfX509DistinguishedNameCreate(&nameStrStream, true, &x509DistinguishedNameObj);
75         if (res != CF_SUCCESS) {
76             return;
77         }
78         TestQuery(x509DistinguishedNameObj);
79         CfObjDestroy(x509DistinguishedNameObj);
80     }
81 
X509DistinguishedNameFuzzTest(const uint8_t * data,size_t size)82     bool X509DistinguishedNameFuzzTest(const uint8_t* data, size_t size)
83     {
84         if (g_testFlag) {
85             CreateOneDistinguishedName();
86             g_testFlag = false;
87         }
88         if (data == nullptr || size < 1) {
89             return false;
90         }
91         uint8_t *testData = static_cast<uint8_t *>(CfMalloc(size + 1, sizeof(uint8_t)));
92         if (testData == nullptr) {
93             return false;
94         }
95         CfBlob inStream = { 0 };
96         inStream.data = testData;
97         inStream.size = size + 1;
98         HcfX509DistinguishedName *x509DistinguishedNameObj = nullptr;
99         CfResult res = HcfX509DistinguishedNameCreate(&inStream, false, &x509DistinguishedNameObj);
100         if (res != CF_SUCCESS) {
101             CfFree(testData);
102             return false;
103         }
104         CfObjDestroy(x509DistinguishedNameObj);
105 
106         // in param string
107         x509DistinguishedNameObj = nullptr;
108         res = HcfX509DistinguishedNameCreate(&inStream, true, &x509DistinguishedNameObj);
109         if (res != CF_SUCCESS) {
110             CfFree(testData);
111             return false;
112         }
113         CfObjDestroy(x509DistinguishedNameObj);
114         CfFree(testData);
115         return true;
116     }
117 }
118 
119 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)120 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
121 {
122     /* Run your code on data */
123     OHOS::X509DistinguishedNameFuzzTest(data, size);
124     return 0;
125 }
126