andy/phs_v1.0.1.0
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

提交 #1

Browse Source
This commit is contained in:
andy
2024-09-27 19:16:49 +08:00
commit 49d0cea04d
10000 changed files with 1616312 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
base/security/certificate_framework/test/fuzztest/cfcreate_fuzzer/BUILD.gn Normal file
View File

@@ -0,0 +1,54 @@
# Copyright (c) 2023 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#####################hydra-fuzz###################
import("//build/config/features.gni")
import("//build/test.gni")
module_output_path = "certificate_framework/certificate"
##############################fuzztest##########################################
ohos_fuzztest("CfCreateFuzzTest") {
module_out_path = module_output_path
fuzz_config_file = "../../../test/fuzztest/cfcreate_fuzzer"
include_dirs = [
"include",
"../../../frameworks/common/v1.0/inc",
"../../../interfaces/innerkits/common",
"../../../interfaces/innerkits/include",
]
configs = [ "../../../config/build:coverage_flag_cc" ]
cflags = [
"-g",
"-O0",
"-Wno-unused-variable",
"-fno-omit-frame-pointer",
]
sources = [ "cfcreate_fuzzer.cpp" ]
deps = []
external_deps = [
"c_utils:utils",
"certificate_framework:certificate_framework_core",
]
}
###############################################################################
group("fuzztest") {
testonly = true
deps = []
deps += [
# deps file
":CfCreateFuzzTest",
]
}
###############################################################################

67
base/security/certificate_framework/test/fuzztest/cfcreate_fuzzer/cfcreate_fuzzer.cpp Normal file
View File

@@ -0,0 +1,67 @@
/*
* Copyright (c) 2023 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "cfcreate_fuzzer.h"
#include <securec.h>
#include "cf_api.h"
#include "cf_memory.h"
#include "cf_result.h"
namespace OHOS {
bool CfCreateFuzzTest(const uint8_t* data, size_t size)
{
if (size < sizeof(CfObjectType) + sizeof(CfEncodingBlob)) {
return false;
}
uint8_t *tmpData = const_cast<uint8_t *>(data);
size_t usedSize = 0;
CfObjectType objType = *(reinterpret_cast<CfObjectType *>(tmpData));
usedSize += sizeof(CfObjectType);
CfEncodingBlob inStream = { 0 };
inStream.encodingFormat = *(reinterpret_cast<enum CfEncodingFormat *>(tmpData + usedSize));
usedSize += sizeof(enum CfEncodingFormat);
inStream.len = *(reinterpret_cast<size_t *>(tmpData + usedSize));
usedSize += sizeof(size_t);
if (inStream.len > size - usedSize) {
return false;
}
inStream.data = static_cast<uint8_t *>(CfMalloc(inStream.len));
if (inStream.data == nullptr) {
return false;
}
(void)memcpy_s(inStream.data, inStream.len, tmpData + usedSize, inStream.len);
CfObject *object = nullptr;
(void)CfCreate(objType, &inStream, &object);
CfFree(inStream.data);
if (object != nullptr) {
object->destroy(&object);
}
return true;
}
}
/* Fuzzer entry point */
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
{
/* Run your code on data */
OHOS::CfCreateFuzzTest(data, size);
return 0;
}

21
base/security/certificate_framework/test/fuzztest/cfcreate_fuzzer/cfcreate_fuzzer.h Normal file
View File

@@ -0,0 +1,21 @@
/*
* Copyright (c) 2023 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef CF_CREATE_FUZZER_H
#define CF_CREATE_FUZZER_H
#define FUZZ_PROJECT_NAME "cfcreate_fuzzer"
#endif

14
base/security/certificate_framework/test/fuzztest/cfcreate_fuzzer/corpus/init Normal file
View File

@@ -0,0 +1,14 @@
# Copyright (c) 2023 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
FUZZ

25
base/security/certificate_framework/test/fuzztest/cfcreate_fuzzer/project.xml Normal file
View File

@@ -0,0 +1,25 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright (c) 2023 Huawei Device Co., Ltd.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<fuzz_config>
<fuzztest>
<!-- maximum length of a test input -->
<max_len>1000</max_len>
<!-- maximum total time in seconds to run the fuzzer -->
<max_total_time>300</max_total_time>
<!-- memory usage limit in Mb -->
<rss_limit_mb>4096</rss_limit_mb>
</fuzztest>
</fuzz_config>

59
base/security/certificate_framework/test/fuzztest/cfgetandcheck_fuzzer/BUILD.gn Normal file
View File

@@ -0,0 +1,59 @@
# Copyright (c) 2023 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#####################hydra-fuzz###################
import("//build/config/features.gni")
import("//build/test.gni")
module_output_path = "certificate_framework/certificate"
##############################fuzztest##########################################
ohos_fuzztest("CfGetAndCheckFuzzTest") {
module_out_path = module_output_path
fuzz_config_file = "../../../test/fuzztest/cfgetandcheck_fuzzer"
include_dirs = [
"include",
"../../../interfaces/innerkits/common",
"../../../interfaces/innerkits/include",
"../../../frameworks/common/v1.0/inc",
"../../../test/unittest/common/include",
]
configs =
[ "../../../config/build:coverage_flag_cc" ]
cflags = [
"-g",
"-O0",
"-Wno-unused-variable",
"-fno-omit-frame-pointer",
]
sources = [
"cfgetandcheck_fuzzer.cpp",
"../../../test/unittest/common/src/cf_test_sdk_common.cpp",
]
deps = [
]
external_deps = [
"certificate_framework:certificate_framework_core",
"c_utils:utils",
]
}
###############################################################################
group("fuzztest") {
testonly = true
deps = []
deps += [
# deps file
":CfGetAndCheckFuzzTest",
]
}

197
base/security/certificate_framework/test/fuzztest/cfgetandcheck_fuzzer/cfgetandcheck_fuzzer.cpp Normal file
View File

@@ -0,0 +1,197 @@
/*
* Copyright (c) 2023 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "cfgetandcheck_fuzzer.h"
#include <securec.h>
#include "cf_api.h"
#include "cf_memory.h"
#include "cf_param.h"
#include "cf_result.h"
#include "cf_test_sdk_common.h"
#include "cf_test_data.h"
using namespace CertframeworkSdkTest;
using namespace CertframeworkTestData;
namespace OHOS {
constexpr size_t PARAMS_SIZE_TWO = 2;
constexpr size_t PARAMS_SIZE_THREE = 3;
const static CfEncodingBlob g_cert[] = {
{ const_cast<uint8_t *>(g_certData01), sizeof(g_certData01), CF_FORMAT_DER },
};
const static CfEncodingBlob g_extensionBlob[] = {
{ const_cast<uint8_t *>(g_extensionData03), sizeof(g_extensionData03), CF_FORMAT_DER },
};
void TestCommonfunc(const CfObject *object, uint32_t cnt, const CfParam *params, uint32_t functype)
{
CfParamSet *inParamSet = nullptr;
CfParamSet *outParamSet = nullptr;
int32_t ret = TestConstructParamSetIn(params, cnt, &inParamSet);
if (ret != CF_SUCCESS) {
return;
}
if (functype == CF_TAG_GET_TYPE) {
(void)object->get(object, inParamSet, &outParamSet);
} else {
(void)object->check(object, inParamSet, &outParamSet);
}
CfFreeParamSet(&outParamSet);
CfFreeParamSet(&inParamSet);
}
void TestObjectTypeFunc1(const CfObject *object, uint8_t* data, size_t size)
{
size_t offset = 0;
if (size < (sizeof(CfParam) * PARAMS_SIZE_THREE)) {
return;
}
CfParam params[PARAMS_SIZE_THREE];
for (int i = 0; i < PARAMS_SIZE_THREE; i++) {
params[i].tag = *reinterpret_cast<uint32_t *>(data + offset);
offset += sizeof(uint32_t);
params[i].int32Param = *reinterpret_cast<int32_t *>(data + offset);
offset += sizeof(int32_t);
}
TestCommonfunc(object, PARAMS_SIZE_THREE, params, CF_TAG_GET_TYPE);
TestCommonfunc(object, PARAMS_SIZE_THREE, params, CF_TAG_CHECK_TYPE);
}
void TestObjectTypeFunc2(const CfObject *object, uint8_t* data, size_t size)
{
if (size < (sizeof(CfParam) * PARAMS_SIZE_TWO)) {
return;
}
CfParam params[] = {
{ .tag = CF_TAG_GET_TYPE, .int32Param = CF_GET_TYPE_EXT_ITEM },
{ .tag = CF_TAG_PARAM0_INT32, .int32Param = *reinterpret_cast<int32_t *>(data) },
};
TestCommonfunc(object, sizeof(params) / sizeof(CfParam), params, CF_TAG_GET_TYPE);
}
void TestObjectTypeFunc3(const CfObject *object, uint8_t* data, size_t size)
{
if (size < (sizeof(CfParam) * PARAMS_SIZE_TWO)) {
return;
}
CfParam params[] = {
{ .tag = CF_TAG_GET_TYPE, .int32Param = CF_GET_TYPE_EXT_OIDS },
{ .tag = CF_TAG_PARAM0_INT32, .int32Param = *reinterpret_cast<int32_t *>(data) },
};
TestCommonfunc(object, sizeof(params) / sizeof(CfParam), params, CF_TAG_GET_TYPE);
}
void TestObjectTypeFunc4(const CfObject *object, uint8_t* data, size_t size)
{
if (size < (sizeof(CfParam) * PARAMS_SIZE_THREE)) {
return;
}
CfBlob oid = { size - sizeof(uint32_t), reinterpret_cast<uint8_t *>(data + sizeof(uint32_t)) };
CfParam params[] = {
{ .tag = CF_TAG_GET_TYPE, .int32Param = CF_GET_TYPE_EXT_ENTRY },
{ .tag = CF_TAG_PARAM0_INT32, .int32Param = *reinterpret_cast<int32_t *>(data) },
{ .tag = CF_TAG_PARAM1_BUFFER, .blob = oid },
};
TestCommonfunc(object, sizeof(params) / sizeof(CfParam), params, CF_TAG_GET_TYPE);
}
void TestObjectTypeFunc5(const CfObject *object, uint8_t* data, size_t size)
{
if (size < (sizeof(CfParam) * PARAMS_SIZE_TWO)) {
return;
}
CfParam params[] = {
{ .tag = CF_TAG_GET_TYPE, .int32Param = CF_GET_TYPE_CERT_ITEM },
{ .tag = CF_TAG_PARAM0_INT32, .int32Param = *reinterpret_cast<int32_t *>(data) },
};
TestCommonfunc(object, sizeof(params) / sizeof(CfParam), params, CF_TAG_GET_TYPE);
}
void TestObjectTypeFunc6(const CfObject *object, uint8_t* data, size_t size)
{
if (size < (sizeof(CfParam))) {
return;
}
CfParam params[] = {
{ .tag = CF_TAG_CHECK_TYPE, .int32Param = *reinterpret_cast<int32_t *>(data) },
};
TestCommonfunc(object, sizeof(params) / sizeof(CfParam), params, CF_TAG_CHECK_TYPE);
}
bool CfObjectFuzzTest(const uint8_t* data, size_t size, CfObjectType objType)
{
uint8_t *tmpData = static_cast<uint8_t *>(CfMalloc(size));
if (tmpData == nullptr) {
return false;
}
(void)memcpy_s(tmpData, size, data, size);
CfObject *object = nullptr;
if (objType == CF_OBJ_TYPE_EXTENSION) {
int32_t ret = CfCreate(CF_OBJ_TYPE_EXTENSION, &g_extensionBlob[0], &object);
if (ret != CF_SUCCESS) {
CfFree(tmpData);
object->destroy(&object);
return false;
}
} else {
int32_t ret = CfCreate(CF_OBJ_TYPE_CERT, &g_cert[0], &object);
if (ret != CF_SUCCESS) {
CfFree(tmpData);
object->destroy(&object);
return false;
}
}
TestObjectTypeFunc1(object, tmpData, size);
TestObjectTypeFunc2(object, tmpData, size);
TestObjectTypeFunc3(object, tmpData, size);
TestObjectTypeFunc4(object, tmpData, size);
TestObjectTypeFunc5(object, tmpData, size);
TestObjectTypeFunc6(object, tmpData, size);
object->destroy(&object);
CfFree(tmpData);
return true;
}
}
/* Fuzzer entry point */
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
{
/* Run your code on data */
OHOS::CfObjectFuzzTest(data, size, CF_OBJ_TYPE_EXTENSION);
OHOS::CfObjectFuzzTest(data, size, CF_OBJ_TYPE_CERT);
return 0;
}

21
base/security/certificate_framework/test/fuzztest/cfgetandcheck_fuzzer/cfgetandcheck_fuzzer.h Normal file
View File

@@ -0,0 +1,21 @@
/*
* Copyright (c) 2023 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef CF_GETANDCHECK_FUZZER_H
#define CF_GETANDCHECK_FUZZER_H
#define FUZZ_PROJECT_NAME "cfgetandcheck_fuzzer"
#endif

13
base/security/certificate_framework/test/fuzztest/cfgetandcheck_fuzzer/corpus/init Normal file
View File

@@ -0,0 +1,13 @@
# Copyright (c) 2023 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
FUZZ

25
base/security/certificate_framework/test/fuzztest/cfgetandcheck_fuzzer/project.xml Normal file
View File

@@ -0,0 +1,25 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright (c) 2023 Huawei Device Co., Ltd.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<fuzz_config>
<fuzztest>
<!-- maximum length of a test input -->
<max_len>1000</max_len>
<!-- maximum total time in seconds to run the fuzzer -->
<max_total_time>300</max_total_time>
<!-- memory usage limit in Mb -->
<rss_limit_mb>4096</rss_limit_mb>
</fuzztest>
</fuzz_config>

49
base/security/certificate_framework/test/fuzztest/v1.0/x509certificate_fuzzer/BUILD.gn Normal file
View File

@@ -0,0 +1,49 @@
# Copyright (c) 2023 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#####################hydra-fuzz###################
import("//build/config/features.gni")
import("//build/test.gni")
module_output_path = "certificate_framework/certificate"
##############################fuzztest##########################################
ohos_fuzztest("X509CertificateFuzzTest") {
module_out_path = module_output_path
fuzz_config_file = "../x509certificate_fuzzer"
configs = [ "../../../../config/build:coverage_flag_cc" ]
cflags = [
"-g",
"-O0",
"-Wno-unused-variable",
"-fno-omit-frame-pointer",
]
sources = [ "x509certificate_fuzzer.cpp" ]
external_deps = [
"c_utils:utils",
"certificate_framework:certificate_framework_core",
"crypto_framework:crypto_framework_lib",
"hilog:libhilog",
]
}
###############################################################################
group("fuzztest") {
testonly = true
deps = []
deps += [
# deps file
":X509CertificateFuzzTest",
]
}
###############################################################################

14
base/security/certificate_framework/test/fuzztest/v1.0/x509certificate_fuzzer/corpus/init Normal file
View File

@@ -0,0 +1,14 @@
# Copyright (c) 2023 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
FUZZ

25
base/security/certificate_framework/test/fuzztest/v1.0/x509certificate_fuzzer/project.xml Normal file
View File

@@ -0,0 +1,25 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright (c) 2023 Huawei Device Co., Ltd.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<fuzz_config>
<fuzztest>
<!-- maximum length of a test input -->
<max_len>1000</max_len>
<!-- maximum total time in seconds to run the fuzzer -->
<max_total_time>300</max_total_time>
<!-- memory usage limit in Mb -->
<rss_limit_mb>4096</rss_limit_mb>
</fuzztest>
</fuzz_config>

169
base/security/certificate_framework/test/fuzztest/v1.0/x509certificate_fuzzer/x509certificate_fuzzer.cpp Normal file
View File

@@ -0,0 +1,169 @@
/*
* Copyright (c) 2023 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "x509certificate_fuzzer.h"
#include <cstddef>
#include <cstdint>
#include "securec.h"
#include "cf_blob.h"
#include "cf_result.h"
#include "x509_certificate.h"
namespace OHOS {
static char g_fuzzCert[] =
"-----BEGIN CERTIFICATE-----\r\n"
"MIIEMjCCAxqgAwIBAgICARAwDQYJKoZIhvcNAQELBQAwdjELMAkGA1UEBhMCQ04x\r\n"
"CzAJBgNVBAgMAkJKMQswCQYDVQQHDAJCSjELMAkGA1UECgwCSEQxDDAKBgNVBAsM\r\n"
"A2RldjELMAkGA1UEAwwCY2ExJTAjBgkqhkiG9w0BCQEWFmNhQGNyeXB0b2ZyYW1l\r\n"
"d29yay5jb20wHhcNMjIwODE5MTI0OTA2WhcNMzIwODE2MTI0OTA2WjB2MQswCQYD\r\n"
"VQQGEwJDTjELMAkGA1UECAwCQkoxCzAJBgNVBAcMAkJKMQswCQYDVQQKDAJIRDEM\r\n"
"MAoGA1UECwwDZGV2MQswCQYDVQQDDAJjYTElMCMGCSqGSIb3DQEJARYWY2FAY3J5\r\n"
"cHRvZnJhbWV3b3JrLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\r\n"
"AJ8p0IWE7WwwbtATg+AbYQj33WNBBktU+/AVf+Tl1aAa4TOeW2/ZARc4sdwLVTxd\r\n"
"XCipFseuiGN30hwXrXFUHrcMf0w2sCkznJVZ/rQcfEO5Kb1vBz6DEEcgISYEhhqO\r\n"
"BfYBit5qfpq5R2+2R/Th/ybV+kBrUl+GssXbDAe6oZCy56lGphDvmHMUO7a13j+S\r\n"
"FmThMbI2yeyua1LagSoaBJfY1J+i7jWPmmEFR0dQ2p0EGjHTgQGhRo5VuwDHipNS\r\n"
"v0XP8OUA/PYbL/SBj1Fq4C3gtfvjeswUbzVaMoq/wCuy1qcXI80ZLe3whR24c0cX\r\n"
"YFO0uGi9egPp24fw7yYGqgECAwEAAaOByTCBxjAdBgNVHQ4EFgQUjKM7QmMBs01R\r\n"
"9uQttYN/GDkvt7UwHwYDVR0jBBgwFoAUjKM7QmMBs01R9uQttYN/GDkvt7UwEgYD\r\n"
"VR0TAQH/BAgwBgEB/wIBAjALBgNVHQ8EBAMCAQYwHQYDVR0lBBYwFAYIKwYBBQUH\r\n"
"AwEGCCsGAQUFBwMCMCEGA1UdEQQaMBiBFmNhQGNyeXB0b2ZyYW1ld29yay5jb20w\r\n"
"IQYDVR0SBBowGIEWY2FAY3J5cHRvZnJhbWV3b3JrLmNvbTANBgkqhkiG9w0BAQsF\r\n"
"AAOCAQEAh+4RE6cJ62/gLYssLkc7ESg7exKwZlmisHyBicuy/+XagOZ3cTbgQNXl\r\n"
"QoZKbw/ks/B/cInbQGYbpAm47Sudo+I/G9xj0X7gQB9wtSrbStOs6SjnLiYU0xFc\r\n"
"Fsc0j6k2SrlyiwRQcjS4POKiUS0Cm3F3DHGdj55PlBkXxudXCq2V3J3VwKf2bVjQ\r\n"
"bzz2+M/Q1m+P7FhB+JmeO8eemkqMQ0tFMU3EM441NpejC5iFVAGgownC8S0B+fxH\r\n"
"9dBJuHM6vpxEWw3ckZFDZQ1kd91YRgr7jY8fc0v/T0tzHWbOEVzklEIBWL1mompL\r\n"
"BCwe0/Gw+BO60bfi2MoJw8t2IcB1Qw==\r\n"
"-----END CERTIFICATE-----\r\n";
static bool g_testFlag = true;
static void TestGetEncoded(HcfX509Certificate *x509CertObj)
{
CfEncodingBlob derBlob = { 0 };
CfResult res = x509CertObj->base.getEncoded(&(x509CertObj->base), &derBlob);
if (res != CF_SUCCESS) {
return;
}
free(derBlob.data);
}
static void TestVerify(HcfX509Certificate *x509CertObj)
{
HcfPubKey *keyOut = nullptr;
CfResult res = x509CertObj->base.getPublicKey(&(x509CertObj->base), &keyOut);
if (res != CF_SUCCESS) {
return;
}
(void)x509CertObj->base.verify(&(x509CertObj->base), keyOut);
CfObjDestroy(keyOut);
}
static void TestQuery(HcfX509Certificate *x509CertObj)
{
CfBlob sn = { 0 };
(void)x509CertObj->getSerialNumber(x509CertObj, &sn);
CfBlobDataClearAndFree(&sn);
CfBlob issuerName = { 0 };
(void)x509CertObj->getIssuerName(x509CertObj, &issuerName);
CfBlobDataClearAndFree(&issuerName);
CfBlob subjectName = { 0 };
(void)x509CertObj->getSubjectName(x509CertObj, &subjectName);
CfBlobDataClearAndFree(&subjectName);
CfBlob notBeforeTime = { 0 };
(void)x509CertObj->getNotBeforeTime(x509CertObj, &notBeforeTime);
CfBlobDataClearAndFree(&notBeforeTime);
CfBlob notAfterTime = { 0 };
(void)x509CertObj->getNotAfterTime(x509CertObj, &notAfterTime);
CfBlobDataClearAndFree(&notAfterTime);
CfBlob sigOut = { 0 };
(void)x509CertObj->getSignature(x509CertObj, &sigOut);
CfBlobDataClearAndFree(&sigOut);
CfBlob sigAlgOid = { 0 };
(void)x509CertObj->getSignatureAlgOid(x509CertObj, &sigAlgOid);
CfBlobDataClearAndFree(&sigAlgOid);
CfBlob sigAlgParamsOut = { 0 };
(void)x509CertObj->getSignatureAlgParams(x509CertObj, &sigAlgParamsOut);
CfBlobDataClearAndFree(&sigAlgParamsOut);
CfArray keyUsageOut = { 0 };
(void)x509CertObj->getExtKeyUsage(x509CertObj, &keyUsageOut);
CfArrayDataClearAndFree(&keyUsageOut);
int32_t pathLen = x509CertObj->getBasicConstraints(x509CertObj);
if (pathLen < 0) {
return;
}
CfArray subjectAltName = { 0 };
(void)x509CertObj->getSubjectAltNames(x509CertObj, &subjectAltName);
CfArrayDataClearAndFree(&subjectAltName);
}
static void CreateOneCert(void)
{
CfEncodingBlob inStream = { 0 };
inStream.data = reinterpret_cast<uint8_t *>(g_fuzzCert);
inStream.encodingFormat = CF_FORMAT_PEM;
inStream.len = strlen(g_fuzzCert) + 1;
HcfX509Certificate *x509CertObj = nullptr;
CfResult res = HcfX509CertificateCreate(&inStream, &x509CertObj);
if (res != CF_SUCCESS) {
return;
}
TestGetEncoded(x509CertObj);
TestVerify(x509CertObj);
TestQuery(x509CertObj);
}
bool X509CertificateFuzzTest(const uint8_t* data, size_t size)
{
if (g_testFlag) {
CreateOneCert();
g_testFlag = false;
}
if (data == nullptr) {
return false;
}
CfEncodingBlob inStream = { 0 };
inStream.data = const_cast<uint8_t *>(data);
inStream.encodingFormat = CF_FORMAT_PEM;
inStream.len = size;
HcfX509Certificate *x509CertObj = nullptr;
CfResult res = HcfX509CertificateCreate(&inStream, &x509CertObj);
if (res != CF_SUCCESS) {
return false;
}
CfObjDestroy(x509CertObj);
return true;
}
}
/* Fuzzer entry point */
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
{
/* Run your code on data */
OHOS::X509CertificateFuzzTest(data, size);
return 0;
}

21
base/security/certificate_framework/test/fuzztest/v1.0/x509certificate_fuzzer/x509certificate_fuzzer.h Normal file
View File

@@ -0,0 +1,21 @@
/*
* Copyright (c) 2023 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef X509_CERTIFICATE_FUZZER_H
#define X509_CERTIFICATE_FUZZER_H
#define FUZZ_PROJECT_NAME "x509certificate_fuzzer"
#endif

62
base/security/certificate_framework/test/fuzztest/v1.0/x509crl_fuzzer/BUILD.gn Normal file
View File

@@ -0,0 +1,62 @@
# Copyright (c) 2023 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#####################hydra-fuzz###################
import("//build/config/features.gni")
import("//build/ohos.gni")
import("//build/test.gni")
module_output_path = "certificate_framework/certificate"
##############################fuzztest##########################################
ohos_fuzztest("X509CrlFuzzTest") {
module_out_path = module_output_path
fuzz_config_file = "../x509crl_fuzzer"
configs = [ "../../../../config/build:coverage_flag_cc" ]
include_dirs = [
"../../../../frameworks/adapter/v1.0/inc",
"../../../../frameworks/common/v1.0/inc",
"../../../../frameworks/core/v1.0/spi",
"//third_party/openssl/include",
]
sources = [ "x509crl_fuzzer.cpp" ]
cflags = [
"-g",
"-O0",
"-Wno-unused-variable",
"-fno-omit-frame-pointer",
"-DHILOG_ENABLE",
]
if (target_cpu == "arm") {
cflags += [ "-DBINDER_IPC_32BIT" ]
}
deps = [ "//third_party/openssl:libcrypto_shared" ]
external_deps = [
"c_utils:utils",
"certificate_framework:certificate_framework_core",
"crypto_framework:crypto_framework_lib",
"hilog:libhilog",
]
}
###############################################################################
group("fuzztest") {
testonly = true
deps = []
deps += [
# deps file
":X509CrlFuzzTest",
]
}
###############################################################################

16
base/security/certificate_framework/test/fuzztest/v1.0/x509crl_fuzzer/corpus/init Normal file
View File

@@ -0,0 +1,16 @@
/*
* Copyright (c) 2023 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
FUZZ

25
base/security/certificate_framework/test/fuzztest/v1.0/x509crl_fuzzer/project.xml Normal file
View File

@@ -0,0 +1,25 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright (c) 2023 Huawei Device Co., Ltd.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<fuzz_config>
<fuzztest>
<!-- maximum length of a test input -->
<max_len>1000</max_len>
<!-- maximum total time in seconds to run the fuzzer -->
<max_total_time>300</max_total_time>
<!-- memory usage limit in Mb -->
<rss_limit_mb>4096</rss_limit_mb>
</fuzztest>
</fuzz_config>

328
base/security/certificate_framework/test/fuzztest/v1.0/x509crl_fuzzer/x509crl_fuzzer.cpp Normal file
View File

@@ -0,0 +1,328 @@
/*
* Copyright (c) 2023 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "x509crl_fuzzer.h"
#include <openssl/x509.h>
#include "asy_key_generator.h"
#include "cf_blob.h"
#include "cipher.h"
#include "key_pair.h"
#include "cf_memory.h"
#include "certificate_openssl_class.h"
#include "cf_result.h"
#include "securec.h"
#include "x509_certificate.h"
#include "x509_crl.h"
#include "x509_crl_entry.h"
namespace OHOS {
constexpr int TEST_VERSION = 3;
constexpr int TEST_OFFSET_TIME = 1000;
constexpr int TEST_SN = 1000;
constexpr int TEST_TIME = 1986598400;
constexpr int TEST_OFFSET = 10;
constexpr int TEST_CRL_LEN = 256;
HcfKeyPair *g_keyPair = nullptr;
ASN1_TIME *g_lastUpdate = nullptr;
ASN1_TIME *g_nextUpdate = nullptr;
ASN1_TIME *g_rvTime = nullptr;
static char g_testCrl[] =
"-----BEGIN X509 CRL-----\r\n"
"MIIB/DCB5QIBATANBgkqhkiG9w0BAQsFADCBjDELMAkGA1UEBhMCQ04xETAPBgNV\r\n"
"BAgMCHNoYW5naGFpMQ8wDQYDVQQHDAZodWF3ZWkxFTATBgNVBAoMDHd3dy50ZXN0\r\n"
"LmNvbTENMAsGA1UECwwEdGVzdDEVMBMGA1UEAwwMd3d3LnRlc3QuY29tMRwwGgYJ\r\n"
"KoZIhvcNAQkBFg10ZXN0QHRlc3QuY29tFw0yMjA4MjkwNzAwMTRaFw0yMjA5Mjgw\r\n"
"NzAwMTRaMBQwEgIBARcNMjIwODI5MDY1OTUzWqAOMAwwCgYDVR0UBAMCAQAwDQYJ\r\n"
"KoZIhvcNAQELBQADggEBAHpfFhhUR59OAvOSuKDQUC5tKeLEuPbY8bYdmQVI8EFd\r\n"
"xDkZTXmT3CX1aDPYKVsG/jH9KPAmCV/ODKEGiJzclb3Z4am7tT+Wy4mpXypNS1od\r\n"
"wPDcQGsMrjT6iSp6JImiB0dDDSleBTBcYR/hhtFaiGSncyqJ0mhyaXPxIkNOO6nY\r\n"
"v+rcTEPQWavViDRyNDhnTbN868I3fzFVBcidF13CA0sCJ91ZvsE9h/YmPO2+e0YE\r\n"
"IUgzn37UOiLGObCVBY12QjGiuvVvCl7ncncsFEJuGfvONOqyFHjyxDHo5W0fqTn2\r\n"
"eCtiNcgUr9Kz2bwCmvEXhP7PuF4RMLq4vfzi0YjCG98=\r\n"
"-----END X509 CRL-----\r\n";
static char g_testCert[] =
"-----BEGIN CERTIFICATE-----\r\n"
"MIID/jCCAuagAwIBAgIBATANBgkqhkiG9w0BAQsFADCBjDELMAkGA1UEBhMCQ04x\r\n"
"ETAPBgNVBAgMCHNoYW5naGFpMQ8wDQYDVQQHDAZodWF3ZWkxFTATBgNVBAoMDHd3\r\n"
"dy50ZXN0LmNvbTENMAsGA1UECwwEdGVzdDEVMBMGA1UEAwwMd3d3LnRlc3QuY29t\r\n"
"MRwwGgYJKoZIhvcNAQkBFg10ZXN0QHRlc3QuY29tMB4XDTIyMDgyOTA2NTUwM1oX\r\n"
"DTIzMDgyOTA2NTUwM1owezELMAkGA1UEBhMCQ04xETAPBgNVBAgMCHNoYW5naGFp\r\n"
"MRUwEwYDVQQKDAx3d3cudGVzdC5jb20xDTALBgNVBAsMBHRlc3QxFTATBgNVBAMM\r\n"
"DHd3dy50ZXN0LmNvbTEcMBoGCSqGSIb3DQEJARYNdGVzdEB0ZXN0LmNvbTCCASIw\r\n"
"DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJmY9T4SzXXwKvfMvnvMWY7TqUJK\r\n"
"jnWf2Puv0YUQ2fdvyoKQ2LQXdtzoUL53j587oI+IXelOr7dg020zPyun0cmZHZ4y\r\n"
"l/qAcrWbDjZeEGcbbb5UtQtn1WOEnv8pkXluO355mbZQUKK9L3gFWseXJKGbIXw0\r\n"
"NRpaJZzqvPor4m3a5pmJKPHOlivUdYfLaKSkNj3DlaFzCWKV82k5ee6gzVyETtG+\r\n"
"XN+vq8qLybT+fIFsLNMmAHzRxlqz3NiH7yh+1/p/Knvf8bkkRVR2btH51RyX2RSu\r\n"
"DjPM0/VRL8fxDSDeWBq+Gvn/E6AbOVMmkx63tcyWHhklCSaZtyz7kq39TQMCAwEA\r\n"
"AaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0\r\n"
"ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFFiFDysfADQCzRZCOSPupQxFicwzMB8G\r\n"
"A1UdIwQYMBaAFNYQRQiPsG8HefOTsmsVhaVjY7IPMA0GCSqGSIb3DQEBCwUAA4IB\r\n"
"AQAeppxf6sKQJxJQXKPTT3xHKaskidNwDBbOSIvnVvWXicZXDs+1sF6tUaRgvPxL\r\n"
"OL58+P2Jy0tfSwj2WhqQRGe9MvQ5iFHcdelZc0ciW6EQ0VDHIaDAQc2nQzej/79w\r\n"
"UE7BJJV3b9n1be2iCsuodKO14pOkMb84WcIxng+8SD+MiFqV5BPO1QyKGdO1PE1b\r\n"
"+evjyTpFSTgZf2Mw3fGtu5hfEXyHw1lnsFY2MlSwiRlAym/gm4aXy+4H6LyXKd56\r\n"
"UYQ6fituD0ziaw3RI6liyIe7aENHCkZf6bAvMRhk4QiU4xu6emwX8Qt1bT7RthP0\r\n"
"1Vsro0IOeXT9WAcqEtQUegsi\r\n"
"-----END CERTIFICATE-----\r\n";
static void FreeCrlData()
{
if (g_keyPair != nullptr) {
CfObjDestroy(g_keyPair);
g_keyPair = nullptr;
}
if (g_lastUpdate != nullptr) {
ASN1_TIME_free(g_lastUpdate);
g_lastUpdate = nullptr;
}
if (g_nextUpdate != nullptr) {
ASN1_TIME_free(g_nextUpdate);
g_nextUpdate = nullptr;
}
if (g_rvTime != nullptr) {
ASN1_TIME_free(g_rvTime);
g_rvTime = nullptr;
}
}
static unsigned char *GetCrlStream()
{
unsigned char *buf = nullptr;
unsigned char *p = nullptr;
HcfAsyKeyGenerator *generator = nullptr;
HcfAsyKeyGeneratorCreate("RSA1024|PRIMES_3", &generator);
generator->generateKeyPair(generator, nullptr, &g_keyPair);
RSA *rsaPrikey = (reinterpret_cast<HcfOpensslRsaPriKey *>(g_keyPair->priKey))->sk;
EVP_PKEY *prikey = EVP_PKEY_new();
EVP_PKEY_assign_RSA(prikey, rsaPrikey);
X509_CRL *crl = X509_CRL_new();
(void)X509_CRL_set_version(crl, TEST_VERSION);
// Set Issuer
X509_NAME *issuer = X509_NAME_new();
const char *tmp = "CRL issuer";
(void)X509_NAME_add_entry_by_NID(issuer, NID_commonName, V_ASN1_PRINTABLESTRING,
reinterpret_cast<const unsigned char *>(tmp), 10, -1, 0);
(void)X509_CRL_set_issuer_name(crl, issuer);
g_lastUpdate = ASN1_TIME_new();
time_t t = time(nullptr);
ASN1_TIME_set(g_lastUpdate, t + TEST_OFFSET_TIME);
(void)X509_CRL_set_lastUpdate(crl, g_lastUpdate);
g_nextUpdate = ASN1_TIME_new();
t = TEST_TIME;
ASN1_TIME_set(g_nextUpdate, t);
(void)X509_CRL_set_nextUpdate(crl, g_nextUpdate);
X509_REVOKED *revoked = X509_REVOKED_new();
ASN1_INTEGER *serial = ASN1_INTEGER_new();
(void)ASN1_INTEGER_set(serial, TEST_SN);
(void)X509_REVOKED_set_serialNumber(revoked, serial);
g_rvTime = ASN1_TIME_new();
t = TEST_TIME;
ASN1_TIME_set(g_rvTime, t);
(void)X509_CRL_set_nextUpdate(crl, g_rvTime);
(void)X509_REVOKED_set_revocationDate(revoked, g_rvTime);
(void)X509_CRL_add0_revoked(crl, revoked);
(void)X509_CRL_sort(crl);
(void)X509_CRL_sign(crl, prikey, EVP_sha256());
int len = i2d_X509_CRL(crl, nullptr);
buf = reinterpret_cast<unsigned char *>(malloc(len + TEST_OFFSET));
p = buf;
(void)i2d_X509_CRL(crl, &p);
return buf;
}
static void TestX509CrlPem(HcfX509Crl *x509CrlPem)
{
CfEncodingBlob encodingBlob = { 0 };
(void)x509CrlPem->getEncoded(x509CrlPem, &encodingBlob);
if (encodingBlob.data != nullptr) {
CfFree(encodingBlob.data);
}
CfBlob issuerName = { 0 };
(void)x509CrlPem->getIssuerName(x509CrlPem, &issuerName);
if (issuerName.data != nullptr) {
CfFree(issuerName.data);
}
CfBlob lastUpdate = { 0 };
(void)x509CrlPem->getLastUpdate(x509CrlPem, &lastUpdate);
if (lastUpdate.data != nullptr) {
CfFree(lastUpdate.data);
}
CfBlob nextUpdate = { 0 };
(void)x509CrlPem->getNextUpdate(x509CrlPem, &nextUpdate);
if (nextUpdate.data != nullptr) {
CfFree(nextUpdate.data);
}
(void)x509CrlPem->base.getType(&(x509CrlPem->base));
HcfX509Certificate *x509Cert = nullptr;
CfEncodingBlob inStreamCert = { 0 };
inStreamCert.data = reinterpret_cast<uint8_t *>(g_testCert);
inStreamCert.encodingFormat = CF_FORMAT_PEM;
inStreamCert.len = strlen(g_testCert) + 1;
CfResult result = HcfX509CertificateCreate(&inStreamCert, &x509Cert);
if (result != CF_SUCCESS) {
return;
}
HcfX509CrlEntry *crlEntry = nullptr;
x509CrlPem->getRevokedCertWithCert(x509CrlPem, x509Cert, &crlEntry);
if (crlEntry != nullptr) {
CfObjDestroy(crlEntry);
}
(void)x509CrlPem->base.isRevoked(&(x509CrlPem->base), &(x509Cert->base));
CfObjDestroy(x509Cert);
}
static void TestX509CrlEntry(HcfX509Crl *x509CrlDer, const uint8_t *data, size_t size)
{
long serialNumber = 1000;
HcfX509CrlEntry *entry = nullptr;
x509CrlDer->getRevokedCert(x509CrlDer, serialNumber, &entry);
if (entry != nullptr) {
CfEncodingBlob entryEncoded = { 0 };
entry->getEncoded(entry, &entryEncoded);
if (entryEncoded.data != nullptr) {
CfFree(entryEncoded.data);
}
CfBlob certIssuer = { 0 };
entry->getCertIssuer(entry, &certIssuer);
if (certIssuer.data != nullptr) {
CfFree(certIssuer.data);
}
CfBlob revocationDate = { 0 };
entry->getRevocationDate(entry, &revocationDate);
if (revocationDate.data != nullptr) {
CfFree(revocationDate.data);
}
CfBlob snBlob = { 0 };
entry->getSerialNumber(entry, &snBlob);
if (snBlob.data != nullptr) {
CfFree(snBlob.data);
}
CfObjDestroy(entry);
}
if (size >= sizeof(long)) {
entry = nullptr;
const long *serialNumberPtr = reinterpret_cast<const long *>(data);
x509CrlDer->getRevokedCert(x509CrlDer, *serialNumberPtr, &entry);
if (entry != nullptr) {
CfObjDestroy(entry);
}
}
}
static void TestX509CrlDer(HcfX509Crl *x509CrlDer)
{
CfArray entrys = { 0 };
x509CrlDer->getRevokedCerts(x509CrlDer, &entrys);
if (entrys.data != nullptr) {
HcfX509CrlEntry *crlEntry = reinterpret_cast<HcfX509CrlEntry *>(entrys.data[0].data);
CfObjDestroy(crlEntry);
}
CfBlob signature = { 0 };
x509CrlDer->getSignature(x509CrlDer, &signature);
if (signature.data != nullptr) {
CfFree(signature.data);
}
CfBlob signatureAlgName = { 0 };
x509CrlDer->getSignatureAlgName(x509CrlDer, &signatureAlgName);
if (signatureAlgName.data != nullptr) {
CfFree(signatureAlgName.data);
}
CfBlob signatureAlgOid = { 0 };
x509CrlDer->getSignatureAlgOid(x509CrlDer, &signatureAlgOid);
if (signatureAlgOid.data != nullptr) {
CfFree(signatureAlgOid.data);
}
CfBlob signatureAlgParams = { 0 };
x509CrlDer->getSignatureAlgParams(x509CrlDer, &signatureAlgParams);
if (signatureAlgParams.data != nullptr) {
CfFree(signatureAlgParams.data);
}
CfBlob tbsInfo = { 0 };
x509CrlDer->getTbsInfo(x509CrlDer, &tbsInfo);
if (tbsInfo.data != nullptr) {
CfFree(tbsInfo.data);
}
(void)x509CrlDer->getVersion(x509CrlDer);
(void)x509CrlDer->verify(x509CrlDer, g_keyPair->pubKey);
}
bool FuzzDoX509CrlTest(const uint8_t* data, size_t size)
{
if ((data == nullptr) || (size < sizeof(long))) {
return false;
}
HcfX509Crl *x509CrlDer = nullptr;
CfEncodingBlob crlDerInStream = { 0 };
unsigned char *crlStream = GetCrlStream();
crlDerInStream.data = reinterpret_cast<uint8_t *>(crlStream);
crlDerInStream.encodingFormat = CF_FORMAT_DER;
crlDerInStream.len = TEST_CRL_LEN;
CfResult result = HcfX509CrlCreate(&crlDerInStream, &x509CrlDer);
CfFree(crlStream);
if (result != CF_SUCCESS) {
FreeCrlData();
return false;
}
CfEncodingBlob crlPemInStream = { 0 };
crlPemInStream.data = reinterpret_cast<uint8_t *>(g_testCrl);
crlPemInStream.encodingFormat = CF_FORMAT_PEM;
crlPemInStream.len = strlen(g_testCrl) + 1;
HcfX509Crl *x509CrlPem = nullptr;
result = HcfX509CrlCreate(&crlPemInStream, &x509CrlPem);
if (result != CF_SUCCESS) {
FreeCrlData();
CfObjDestroy(x509CrlDer);
return false;
}
TestX509CrlPem(x509CrlPem);
CfObjDestroy(x509CrlPem);
TestX509CrlEntry(x509CrlDer, data, size);
TestX509CrlDer(x509CrlDer);
FreeCrlData();
CfObjDestroy(x509CrlDer);
HcfX509Crl *x509Crl = nullptr;
CfEncodingBlob crlInStream = { 0 };
crlInStream.data = const_cast<uint8_t *>(data);
crlInStream.encodingFormat = CF_FORMAT_PEM;
crlInStream.len = size;
result = HcfX509CrlCreate(&crlInStream, &x509Crl);
if (result == CF_SUCCESS) {
CfObjDestroy(x509Crl);
}
return true;
}
}
/* Fuzzer entry point */
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
{
/* Run your code on data */
OHOS::FuzzDoX509CrlTest(data, size);
return 0;
}

20
base/security/certificate_framework/test/fuzztest/v1.0/x509crl_fuzzer/x509crl_fuzzer.h Normal file
View File

@@ -0,0 +1,20 @@
/*
* Copyright (c) 2023 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef X509_CRL_FUZZER_H
#define X509_CRL_FUZZER_H
#define FUZZ_PROJECT_NAME "x509crl_fuzzer"
#endif