1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "standardexchangetask_fuzzer.h"
17 #include "alg_loader.h"
18 #include "device_auth_defines.h"
19 #include "securec.h"
20 #include "identity_defines.h"
21 #include "common_standard_bind_exchange.h"
22
23 namespace OHOS {
24 static const std::string TEST_APP_ID = "TestAppId";
25 static const std::string TEST_GROUP_ID = "TestGroupId";
26 static const std::string TEST_AUTH_ID = "TestAuthId";
27 static const std::string TEST_SALT = "2f7562744654535564586e665467546b";
28
29 static const int AUTH_ID_LENGTH = 10;
30 static const int PUB_KEY_LENGTH = 128;
31 static const int NONCE_LENGTH = 64;
32 static const int INVALID_CIPHER_LENGTH = 16;
33 static const int VALID_CIPHER_LENGTH = 32;
34
StandardExchangeTaskTest001()35 static int32_t StandardExchangeTaskTest001()
36 {
37 PakeParams pakeParams;
38 pakeParams.packageName = const_cast<char *>(TEST_APP_ID.c_str());
39 pakeParams.serviceType = const_cast<char *>(TEST_GROUP_ID.c_str());
40 int32_t ret = ClientConfirmStandardBindExchange(&pakeParams, nullptr);
41 if (ret != HC_SUCCESS) {
42 return HC_FALSE;
43 }
44 return HC_SUCCESS;
45 }
46
StandardExchangeTaskTest002()47 static int32_t StandardExchangeTaskTest002()
48 {
49 int32_t ret = InitStandardBindExchangeParams(nullptr);
50 if (ret != HC_ERR_INVALID_PARAMS) {
51 return HC_FALSE;
52 }
53
54 DestroyStandardBindExchangeParams(nullptr);
55
56 StandardBindExchangeParams params;
57 DestroyStandardBindExchangeParams(¶ms);
58 return HC_SUCCESS;
59 }
60
StandardExchangeTaskTest003()61 static int32_t StandardExchangeTaskTest003()
62 {
63 PakeParams pakeParams;
64 pakeParams.userType = KEY_ALIAS_PSK;
65 pakeParams.packageName = const_cast<char *>(TEST_APP_ID.c_str());
66 pakeParams.serviceType = const_cast<char *>(TEST_GROUP_ID.c_str());
67 uint8_t authId[AUTH_ID_LENGTH] = { 0 };
68 (void)memcpy_s(authId, AUTH_ID_LENGTH, TEST_AUTH_ID.c_str(), AUTH_ID_LENGTH);
69 pakeParams.baseParams.idSelf.val = authId;
70 pakeParams.baseParams.idSelf.length = AUTH_ID_LENGTH;
71 pakeParams.baseParams.loader = GetLoaderInstance();
72
73 // pubKeySelf is null, exportPubKey failed
74 int32_t ret = ClientRequestStandardBindExchange(&pakeParams, nullptr);
75 if (ret == HC_SUCCESS) {
76 return HC_FALSE;
77 }
78
79 uint8_t publicKey[PUB_KEY_LENGTH] = { 0 };
80 StandardBindExchangeParams exchangeParams;
81 exchangeParams.pubKeySelf.val = publicKey;
82 exchangeParams.pubKeySelf.length = PUB_KEY_LENGTH;
83
84 ret = ClientRequestStandardBindExchange(&pakeParams, &exchangeParams);
85 if (ret == HC_SUCCESS) {
86 return HC_FALSE;
87 }
88
89 uint32_t challengeLen = HcStrlen(TEST_SALT.c_str());
90 uint8_t *challengeVal = static_cast<uint8_t *>(HcMalloc(challengeLen, 0));
91 (void)memcpy_s(challengeVal, challengeLen, TEST_SALT.c_str(), challengeLen);
92
93 pakeParams.baseParams.challengeSelf.val = challengeVal;
94 pakeParams.baseParams.challengeSelf.length = challengeLen;
95
96 ret = ClientRequestStandardBindExchange(&pakeParams, &exchangeParams);
97 if (ret == HC_SUCCESS) {
98 return HC_FALSE;
99 }
100
101 pakeParams.baseParams.challengePeer.val = challengeVal;
102 pakeParams.baseParams.challengePeer.length = challengeLen;
103
104 ret = ClientRequestStandardBindExchange(&pakeParams, &exchangeParams);
105 if (ret == HC_SUCCESS) {
106 return HC_FALSE;
107 }
108
109 uint8_t nonceVal[NONCE_LENGTH] = { 0 };
110 exchangeParams.nonce.val = nonceVal;
111 exchangeParams.nonce.length = NONCE_LENGTH;
112
113 // aesGcmEncrypt failed, no sessionkey
114 ret = ClientRequestStandardBindExchange(&pakeParams, &exchangeParams);
115 if (ret == HC_SUCCESS) {
116 return HC_FALSE;
117 }
118 HcFree(challengeVal);
119 return HC_TRUE;
120 }
121
122
StandardExchangeTaskTest004()123 static int32_t StandardExchangeTaskTest004()
124 {
125 PakeParams pakeParams;
126 pakeParams.userType = KEY_ALIAS_PSK;
127 pakeParams.packageName = const_cast<char *>(TEST_APP_ID.c_str());
128 pakeParams.serviceType = const_cast<char *>(TEST_GROUP_ID.c_str());
129 uint8_t authId[AUTH_ID_LENGTH] = { 0 };
130 (void)memcpy_s(authId, AUTH_ID_LENGTH, TEST_AUTH_ID.c_str(), AUTH_ID_LENGTH);
131 pakeParams.baseParams.idSelf.val = authId;
132 pakeParams.baseParams.idSelf.length = AUTH_ID_LENGTH;
133 pakeParams.baseParams.loader = GetLoaderInstance();
134
135 StandardBindExchangeParams exchangeParams;
136 exchangeParams.exInfoCipher.length = INVALID_CIPHER_LENGTH;
137
138 int32_t ret = ServerResponseStandardBindExchange(&pakeParams, &exchangeParams);
139 if (ret != HC_ERR_ALLOC_MEMORY) {
140 return HC_FALSE;
141 }
142
143 exchangeParams.exInfoCipher.length = VALID_CIPHER_LENGTH;
144 ret = ServerResponseStandardBindExchange(&pakeParams, &exchangeParams);
145 if (ret == HC_SUCCESS) {
146 return HC_FALSE;
147 }
148 return HC_TRUE;
149 }
150
FuzzDoRegCallback(const uint8_t * data,size_t size)151 bool FuzzDoRegCallback(const uint8_t* data, size_t size)
152 {
153 (void)data;
154 (void)size;
155 (void)StandardExchangeTaskTest001();
156 (void)StandardExchangeTaskTest002();
157 (void)StandardExchangeTaskTest003();
158 (void)StandardExchangeTaskTest004();
159 return true;
160 }
161 }
162
163 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)164 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
165 {
166 /* Run your code on data */
167 OHOS::FuzzDoRegCallback(data, size);
168 return 0;
169 }
170
171