1 /*
2 * Copyright (C) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "hcfverifycreate_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20 #include <string>
21
22 #include "asy_key_generator.h"
23 #include "blob.h"
24 #include "result.h"
25 #include "signature.h"
26
27 namespace OHOS {
TestVerify(const uint8_t * data,size_t size)28 static void TestVerify(const uint8_t* data, size_t size)
29 {
30 HcfAsyKeyGenerator *generator = nullptr;
31 HcfResult res = HcfAsyKeyGeneratorCreate("ECC224", &generator);
32 if (res != HCF_SUCCESS) {
33 return;
34 }
35
36 HcfKeyPair *ecc224KeyPair = nullptr;
37 res = generator->generateKeyPair(generator, nullptr, &ecc224KeyPair);
38 HcfObjDestroy(generator);
39 if (res != HCF_SUCCESS) {
40 return;
41 }
42
43 HcfSign *sign = nullptr;
44 res = HcfSignCreate("ECC224|SHA384", &sign);
45 if (res != HCF_SUCCESS) {
46 HcfObjDestroy(ecc224KeyPair);
47 return;
48 }
49 static HcfBlob mockInput = {
50 .data = const_cast<uint8_t *>(data),
51 .len = size
52 };
53 (void)sign->init(sign, nullptr, ecc224KeyPair->priKey);
54 (void)sign->update(sign, &mockInput);
55
56 HcfVerify *verify = nullptr;
57 res = HcfVerifyCreate("ECC224|SHA384", &verify);
58 if (res != HCF_SUCCESS) {
59 HcfObjDestroy(ecc224KeyPair);
60 HcfObjDestroy(sign);
61 return;
62 }
63 HcfBlob out = {
64 .data = nullptr,
65 .len = 0
66 };
67 (void)sign->sign(sign, nullptr, &out);
68 (void)verify->init(verify, nullptr, ecc224KeyPair->pubKey);
69 (void)verify->update(verify, &mockInput);
70 (void)verify->verify(verify, nullptr, &out);
71 HcfObjDestroy(ecc224KeyPair);
72 HcfObjDestroy(sign);
73 HcfBlobDataFree(&out);
74 HcfObjDestroy(verify);
75 }
76
TestVerifySm2(const uint8_t * data,size_t size)77 static void TestVerifySm2(const uint8_t* data, size_t size)
78 {
79 HcfAsyKeyGenerator *generator = nullptr;
80 HcfResult res = HcfAsyKeyGeneratorCreate("SM2_256", &generator);
81 if (res != HCF_SUCCESS) {
82 return;
83 }
84
85 HcfKeyPair *sm2256KeyPair = nullptr;
86 res = generator->generateKeyPair(generator, nullptr, &sm2256KeyPair);
87 HcfObjDestroy(generator);
88 if (res != HCF_SUCCESS) {
89 return;
90 }
91
92 HcfSign *sign = nullptr;
93 res = HcfSignCreate("SM2_256|SM3", &sign);
94 if (res != HCF_SUCCESS) {
95 HcfObjDestroy(sm2256KeyPair);
96 return;
97 }
98 static HcfBlob mockInput = {
99 .data = const_cast<uint8_t *>(data),
100 .len = size
101 };
102 (void)sign->init(sign, nullptr, sm2256KeyPair->priKey);
103 (void)sign->update(sign, &mockInput);
104
105 HcfVerify *verify = nullptr;
106 res = HcfVerifyCreate("SM2_256|SM3", &verify);
107 if (res != HCF_SUCCESS) {
108 HcfObjDestroy(sm2256KeyPair);
109 HcfObjDestroy(sign);
110 return;
111 }
112 HcfBlob out = {
113 .data = nullptr,
114 .len = 0
115 };
116 (void)sign->sign(sign, nullptr, &out);
117 (void)verify->init(verify, nullptr, sm2256KeyPair->pubKey);
118 (void)verify->update(verify, &mockInput);
119 (void)verify->verify(verify, nullptr, &out);
120 HcfObjDestroy(sm2256KeyPair);
121 HcfObjDestroy(sign);
122 HcfBlobDataFree(&out);
123 HcfObjDestroy(verify);
124 }
125
TestVerifyBrainpool(const uint8_t * data,size_t size)126 static void TestVerifyBrainpool(const uint8_t* data, size_t size)
127 {
128 HcfAsyKeyGenerator *generator = nullptr;
129 HcfResult res = HcfAsyKeyGeneratorCreate("ECC_BrainPoolP160r1", &generator);
130 if (res != HCF_SUCCESS) {
131 return;
132 }
133
134 HcfKeyPair *brainPoolP160r1KeyPair = nullptr;
135 res = generator->generateKeyPair(generator, nullptr, &brainPoolP160r1KeyPair);
136 HcfObjDestroy(generator);
137 if (res != HCF_SUCCESS) {
138 return;
139 }
140
141 HcfSign *sign = nullptr;
142 res = HcfSignCreate("ECC_BrainPoolP160r1|SHA1", &sign);
143 if (res != HCF_SUCCESS) {
144 HcfObjDestroy(brainPoolP160r1KeyPair);
145 return;
146 }
147 static HcfBlob mockInput = {
148 .data = const_cast<uint8_t *>(data),
149 .len = size
150 };
151 (void)sign->init(sign, nullptr, brainPoolP160r1KeyPair->priKey);
152 (void)sign->update(sign, &mockInput);
153
154 HcfVerify *verify = nullptr;
155 res = HcfVerifyCreate("ECC_BrainPoolP160r1|SHA1", &verify);
156 if (res != HCF_SUCCESS) {
157 HcfObjDestroy(brainPoolP160r1KeyPair);
158 HcfObjDestroy(sign);
159 return;
160 }
161 HcfBlob out = {
162 .data = nullptr,
163 .len = 0
164 };
165 (void)sign->sign(sign, nullptr, &out);
166 (void)verify->init(verify, nullptr, brainPoolP160r1KeyPair->pubKey);
167 (void)verify->update(verify, &mockInput);
168 (void)verify->verify(verify, nullptr, &out);
169 HcfObjDestroy(brainPoolP160r1KeyPair);
170 HcfObjDestroy(sign);
171 HcfBlobDataFree(&out);
172 HcfObjDestroy(verify);
173 }
174
TestVerifyEd25519(const uint8_t * data,size_t size)175 static void TestVerifyEd25519(const uint8_t* data, size_t size)
176 {
177 HcfAsyKeyGenerator *generator = nullptr;
178 HcfResult res = HcfAsyKeyGeneratorCreate("Ed25519", &generator);
179 if (res != HCF_SUCCESS) {
180 return;
181 }
182
183 HcfKeyPair *ed25519KeyPair = nullptr;
184 res = generator->generateKeyPair(generator, nullptr, &ed25519KeyPair);
185 HcfObjDestroy(generator);
186 if (res != HCF_SUCCESS) {
187 return;
188 }
189
190 HcfSign *sign = nullptr;
191 res = HcfSignCreate("Ed25519", &sign);
192 if (res != HCF_SUCCESS) {
193 HcfObjDestroy(ed25519KeyPair);
194 return;
195 }
196 static HcfBlob mockInput = {
197 .data = const_cast<uint8_t *>(data),
198 .len = size
199 };
200 (void)sign->init(sign, nullptr, ed25519KeyPair->priKey);
201 (void)sign->update(sign, &mockInput);
202
203 HcfVerify *verify = nullptr;
204 res = HcfVerifyCreate("Ed25519", &verify);
205 if (res != HCF_SUCCESS) {
206 HcfObjDestroy(ed25519KeyPair);
207 HcfObjDestroy(sign);
208 return;
209 }
210 HcfBlob out = {
211 .data = nullptr,
212 .len = 0
213 };
214 (void)sign->sign(sign, nullptr, &out);
215 (void)verify->init(verify, nullptr, ed25519KeyPair->pubKey);
216 (void)verify->update(verify, &mockInput);
217 (void)verify->verify(verify, nullptr, &out);
218 HcfObjDestroy(ed25519KeyPair);
219 HcfObjDestroy(sign);
220 HcfBlobDataFree(&out);
221 HcfObjDestroy(verify);
222 }
223
HcfVerifyCreateFuzzTest(const uint8_t * data,size_t size)224 bool HcfVerifyCreateFuzzTest(const uint8_t* data, size_t size)
225 {
226 TestVerify(data, size);
227 TestVerifySm2(data, size);
228 TestVerifyBrainpool(data, size);
229 TestVerifyEd25519(data, size);
230 HcfVerify *verify = nullptr;
231 std::string algoName(reinterpret_cast<const char *>(data), size);
232 HcfResult res = HcfVerifyCreate(algoName.c_str(), &verify);
233 if (res != HCF_SUCCESS) {
234 return false;
235 }
236 HcfObjDestroy(verify);
237 return true;
238 }
239 }
240
241 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)242 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
243 {
244 /* Run your code on data */
245 OHOS::HcfVerifyCreateFuzzTest(data, size);
246 return 0;
247 }
248