1 /*
2  * Copyright (c) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "devauthservprocessauthdata_fuzzer.h"
17 #include "device_auth.h"
18 #include "device_auth_defines.h"
19 #include "hc_dev_info.h"
20 #include "hc_log.h"
21 #include "hc_types.h"
22 #include "json_utils.h"
23 #include "securec.h"
24 #include <unistd.h>
25 
26 namespace OHOS {
OnError(int64_t requestId,int operationCode,int errorCode,const char * errorReturn)27     static void OnError(int64_t requestId, int operationCode, int errorCode, const char *errorReturn)
28     {
29         LOGE("error return: %s", errorReturn);
30     }
31 
OnFinish(int64_t requestId,int operationCode,const char * authReturn)32     static void OnFinish(int64_t requestId, int operationCode, const char *authReturn)
33     {
34         LOGI("return value: %s", authReturn);
35     }
36 
OnSessionKeyReturned(int64_t requestId,const uint8_t * sessionKey,uint32_t sessionKeyLen)37     static void OnSessionKeyReturned(int64_t requestId, const uint8_t *sessionKey, uint32_t sessionKeyLen) {}
38 
OnTransmit(int64_t requestId,const uint8_t * data,uint32_t dataLen)39     static bool OnTransmit(int64_t requestId, const uint8_t *data, uint32_t dataLen)
40     {
41         return true;
42     }
43 
OnRequest(int64_t requestId,int operationCode,const char * reqParam)44     static char *OnRequest(int64_t requestId, int operationCode, const char* reqParam)
45     {
46         return nullptr;
47     }
48 
49     static DeviceAuthCallback g_gaCallback = {
50         .onTransmit = OnTransmit,
51         .onSessionKeyReturned = OnSessionKeyReturned,
52         .onFinish = OnFinish,
53         .onError = OnError,
54         .onRequest = OnRequest,
55     };
56 
FuzzDoProcessAuthData(const uint8_t * data,size_t size)57     bool FuzzDoProcessAuthData(const uint8_t* data, size_t size)
58     {
59         if (data == nullptr) {
60             return false;
61         }
62         InitDeviceAuthService();
63         const GroupAuthManager *gaInstance = GetGaInstance();
64         int64_t reqId = 123;
65         uint8_t *authData = reinterpret_cast<uint8_t *>(HcMalloc(size + 1, 0));
66         if (authData == nullptr) {
67             DestroyDeviceAuthService();
68             return false;
69         }
70         if (memcpy_s(authData, size, data, size) != EOK) {
71             HcFree(authData);
72             DestroyDeviceAuthService();
73             return false;
74         }
75         gaInstance->processData(reqId, authData, size, &g_gaCallback);
76         HcFree(authData);
77         sleep(1);
78         DestroyDeviceAuthService();
79         return true;
80     }
81 }
82 
83 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)84 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
85 {
86     /* Run your code on data */
87     OHOS::FuzzDoProcessAuthData(data, size);
88     return 0;
89 }
90 
91