11e934351Sopenharmony_ci/* 21e934351Sopenharmony_ci * Copyright (c) 2024 Huawei Device Co., Ltd. 31e934351Sopenharmony_ci * Licensed under the Apache License, Version 2.0 (the "License"); 41e934351Sopenharmony_ci * you may not use this file except in compliance with the License. 51e934351Sopenharmony_ci * You may obtain a copy of the License at 61e934351Sopenharmony_ci * 71e934351Sopenharmony_ci * http://www.apache.org/licenses/LICENSE-2.0 81e934351Sopenharmony_ci * 91e934351Sopenharmony_ci * Unless required by applicable law or agreed to in writing, software 101e934351Sopenharmony_ci * distributed under the License is distributed on an "AS IS" BASIS, 111e934351Sopenharmony_ci * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 121e934351Sopenharmony_ci * See the License for the specific language governing permissions and 131e934351Sopenharmony_ci * limitations under the License. 141e934351Sopenharmony_ci */ 151e934351Sopenharmony_ci 161e934351Sopenharmony_ci#include <cstring> 171e934351Sopenharmony_ci#include <map> 181e934351Sopenharmony_ci#include <securec.h> 191e934351Sopenharmony_ci#include <string> 201e934351Sopenharmony_ci#include <vector> 211e934351Sopenharmony_ci 221e934351Sopenharmony_ci#include "net_ssl.h" 231e934351Sopenharmony_ci#include "net_ssl_c.h" 241e934351Sopenharmony_ci#include "net_ssl_c_type.h" 251e934351Sopenharmony_ci#include "net_ssl_type.h" 261e934351Sopenharmony_ci#include "net_ssl_verify_cert.h" 271e934351Sopenharmony_ci#include "netstack_log.h" 281e934351Sopenharmony_ci#include "secure_char.h" 291e934351Sopenharmony_ci 301e934351Sopenharmony_cinamespace OHOS { 311e934351Sopenharmony_cinamespace NetStack { 321e934351Sopenharmony_cinamespace Ssl { 331e934351Sopenharmony_cinamespace { 341e934351Sopenharmony_ci 351e934351Sopenharmony_ciconst uint8_t *g_baseFuzzData = nullptr; 361e934351Sopenharmony_cisize_t g_baseFuzzSize = 0; 371e934351Sopenharmony_cisize_t g_baseFuzzPos = 0; 381e934351Sopenharmony_ci[[maybe_unused]] constexpr size_t STR_LEN = 255; 391e934351Sopenharmony_ci} // namespace 401e934351Sopenharmony_citemplate <class T> T GetData() 411e934351Sopenharmony_ci{ 421e934351Sopenharmony_ci T object{}; 431e934351Sopenharmony_ci size_t objectSize = sizeof(object); 441e934351Sopenharmony_ci if (g_baseFuzzData == nullptr || g_baseFuzzSize <= g_baseFuzzPos || objectSize > g_baseFuzzSize - g_baseFuzzPos) { 451e934351Sopenharmony_ci return object; 461e934351Sopenharmony_ci } 471e934351Sopenharmony_ci errno_t ret = memcpy_s(&object, objectSize, g_baseFuzzData + g_baseFuzzPos, objectSize); 481e934351Sopenharmony_ci if (ret != EOK) { 491e934351Sopenharmony_ci return object; 501e934351Sopenharmony_ci } 511e934351Sopenharmony_ci g_baseFuzzPos += objectSize; 521e934351Sopenharmony_ci return object; 531e934351Sopenharmony_ci} 541e934351Sopenharmony_ci 551e934351Sopenharmony_civoid SetGlobalFuzzData(const uint8_t *data, size_t size) 561e934351Sopenharmony_ci{ 571e934351Sopenharmony_ci g_baseFuzzData = data; 581e934351Sopenharmony_ci g_baseFuzzSize = size; 591e934351Sopenharmony_ci g_baseFuzzPos = 0; 601e934351Sopenharmony_ci} 611e934351Sopenharmony_ci 621e934351Sopenharmony_cistd::string GetStringFromData(int strlen) 631e934351Sopenharmony_ci{ 641e934351Sopenharmony_ci if (strlen < 1) { 651e934351Sopenharmony_ci return ""; 661e934351Sopenharmony_ci } 671e934351Sopenharmony_ci 681e934351Sopenharmony_ci char cstr[strlen]; 691e934351Sopenharmony_ci cstr[strlen - 1] = '\0'; 701e934351Sopenharmony_ci for (int i = 0; i < strlen - 1; i++) { 711e934351Sopenharmony_ci cstr[i] = GetData<char>(); 721e934351Sopenharmony_ci } 731e934351Sopenharmony_ci std::string str(cstr); 741e934351Sopenharmony_ci return str; 751e934351Sopenharmony_ci} 761e934351Sopenharmony_ci 771e934351Sopenharmony_ciuint8_t *stringToUint8(const std::string &str) 781e934351Sopenharmony_ci{ 791e934351Sopenharmony_ci uint8_t *data = new uint8_t[str.size() + 1]; 801e934351Sopenharmony_ci for (size_t i = 0; i < str.size(); ++i) { 811e934351Sopenharmony_ci data[i] = static_cast<uint8_t>(str[i]); 821e934351Sopenharmony_ci } 831e934351Sopenharmony_ci data[str.size()] = '\0'; 841e934351Sopenharmony_ci return data; 851e934351Sopenharmony_ci} 861e934351Sopenharmony_ci 871e934351Sopenharmony_civoid SetNetStackVerifyCertificationTestOne(const uint8_t *data, size_t size) 881e934351Sopenharmony_ci{ 891e934351Sopenharmony_ci if ((data == nullptr) || (size < 1)) { 901e934351Sopenharmony_ci return; 911e934351Sopenharmony_ci } 921e934351Sopenharmony_ci SetGlobalFuzzData(data, size); 931e934351Sopenharmony_ci std::string str = GetStringFromData(STR_LEN); 941e934351Sopenharmony_ci CertBlob certBlob; 951e934351Sopenharmony_ci certBlob.type = CERT_TYPE_PEM; 961e934351Sopenharmony_ci certBlob.size = str.size(); 971e934351Sopenharmony_ci certBlob.data = stringToUint8(str); 981e934351Sopenharmony_ci NetStackVerifyCertification(&certBlob); 991e934351Sopenharmony_ci delete[] certBlob.data; 1001e934351Sopenharmony_ci certBlob.data = nullptr; 1011e934351Sopenharmony_ci} 1021e934351Sopenharmony_ci 1031e934351Sopenharmony_civoid SetNetStackVerifyCertificationTestTwo(const uint8_t *data, size_t size) 1041e934351Sopenharmony_ci{ 1051e934351Sopenharmony_ci if ((data == nullptr) || (size < 1)) { 1061e934351Sopenharmony_ci return; 1071e934351Sopenharmony_ci } 1081e934351Sopenharmony_ci SetGlobalFuzzData(data, size); 1091e934351Sopenharmony_ci std::string str = GetStringFromData(STR_LEN); 1101e934351Sopenharmony_ci CertBlob certBlob; 1111e934351Sopenharmony_ci certBlob.type = CERT_TYPE_PEM; 1121e934351Sopenharmony_ci certBlob.size = str.size(); 1131e934351Sopenharmony_ci certBlob.data = stringToUint8(str); 1141e934351Sopenharmony_ci NetStackVerifyCertification(&certBlob, &certBlob); 1151e934351Sopenharmony_ci delete[] certBlob.data; 1161e934351Sopenharmony_ci certBlob.data = nullptr; 1171e934351Sopenharmony_ci} 1181e934351Sopenharmony_ci 1191e934351Sopenharmony_civoid SetVerifyCertTestOne(const uint8_t *data, size_t size) 1201e934351Sopenharmony_ci{ 1211e934351Sopenharmony_ci if ((data == nullptr) || (size < 1)) { 1221e934351Sopenharmony_ci return; 1231e934351Sopenharmony_ci } 1241e934351Sopenharmony_ci SetGlobalFuzzData(data, size); 1251e934351Sopenharmony_ci std::string str = GetStringFromData(STR_LEN); 1261e934351Sopenharmony_ci CertBlob certBlob; 1271e934351Sopenharmony_ci certBlob.type = CERT_TYPE_PEM; 1281e934351Sopenharmony_ci certBlob.size = str.size(); 1291e934351Sopenharmony_ci certBlob.data = stringToUint8(str); 1301e934351Sopenharmony_ci VerifyCert(&certBlob); 1311e934351Sopenharmony_ci delete[] certBlob.data; 1321e934351Sopenharmony_ci certBlob.data = nullptr; 1331e934351Sopenharmony_ci} 1341e934351Sopenharmony_ci 1351e934351Sopenharmony_civoid SetVerifyCertTestTwo(const uint8_t *data, size_t size) 1361e934351Sopenharmony_ci{ 1371e934351Sopenharmony_ci if ((data == nullptr) || (size < 1)) { 1381e934351Sopenharmony_ci return; 1391e934351Sopenharmony_ci } 1401e934351Sopenharmony_ci SetGlobalFuzzData(data, size); 1411e934351Sopenharmony_ci std::string str = GetStringFromData(STR_LEN); 1421e934351Sopenharmony_ci CertBlob certBlob; 1431e934351Sopenharmony_ci certBlob.type = CERT_TYPE_PEM; 1441e934351Sopenharmony_ci certBlob.size = str.size(); 1451e934351Sopenharmony_ci certBlob.data = stringToUint8(str); 1461e934351Sopenharmony_ci VerifyCert(&certBlob, &certBlob); 1471e934351Sopenharmony_ci delete[] certBlob.data; 1481e934351Sopenharmony_ci certBlob.data = nullptr; 1491e934351Sopenharmony_ci} 1501e934351Sopenharmony_ci 1511e934351Sopenharmony_civoid SetFreeResourcesTest(const uint8_t *data, size_t size) 1521e934351Sopenharmony_ci{ 1531e934351Sopenharmony_ci if ((data == nullptr) || (size < 1)) { 1541e934351Sopenharmony_ci return; 1551e934351Sopenharmony_ci } 1561e934351Sopenharmony_ci SetGlobalFuzzData(data, size); 1571e934351Sopenharmony_ci std::string str = GetStringFromData(STR_LEN); 1581e934351Sopenharmony_ci CertBlob certBlob; 1591e934351Sopenharmony_ci certBlob.type = CERT_TYPE_PEM; 1601e934351Sopenharmony_ci certBlob.size = str.size(); 1611e934351Sopenharmony_ci certBlob.data = stringToUint8(str); 1621e934351Sopenharmony_ci X509 *cert = PemToX509(certBlob.data, certBlob.size); 1631e934351Sopenharmony_ci X509_STORE *store = nullptr; 1641e934351Sopenharmony_ci X509_STORE_CTX *ctx = nullptr; 1651e934351Sopenharmony_ci FreeResources(&cert, &cert, &store, &ctx); 1661e934351Sopenharmony_ci delete[] certBlob.data; 1671e934351Sopenharmony_ci certBlob.data = nullptr; 1681e934351Sopenharmony_ci} 1691e934351Sopenharmony_ci 1701e934351Sopenharmony_civoid SetPemToX509Test(const uint8_t *data, size_t size) 1711e934351Sopenharmony_ci{ 1721e934351Sopenharmony_ci if ((data == nullptr) || (size < 1)) { 1731e934351Sopenharmony_ci return; 1741e934351Sopenharmony_ci } 1751e934351Sopenharmony_ci SetGlobalFuzzData(data, size); 1761e934351Sopenharmony_ci std::string str = GetStringFromData(STR_LEN); 1771e934351Sopenharmony_ci CertBlob certBlob; 1781e934351Sopenharmony_ci certBlob.type = CERT_TYPE_PEM; 1791e934351Sopenharmony_ci certBlob.size = str.size(); 1801e934351Sopenharmony_ci certBlob.data = stringToUint8(str); 1811e934351Sopenharmony_ci PemToX509(data, size); 1821e934351Sopenharmony_ci delete[] certBlob.data; 1831e934351Sopenharmony_ci certBlob.data = nullptr; 1841e934351Sopenharmony_ci} 1851e934351Sopenharmony_ci 1861e934351Sopenharmony_civoid SetDerToX509Test(const uint8_t *data, size_t size) 1871e934351Sopenharmony_ci{ 1881e934351Sopenharmony_ci if ((data == nullptr) || (size < 1)) { 1891e934351Sopenharmony_ci return; 1901e934351Sopenharmony_ci } 1911e934351Sopenharmony_ci SetGlobalFuzzData(data, size); 1921e934351Sopenharmony_ci std::string str = GetStringFromData(STR_LEN); 1931e934351Sopenharmony_ci CertBlob certBlob; 1941e934351Sopenharmony_ci certBlob.type = CERT_TYPE_PEM; 1951e934351Sopenharmony_ci certBlob.size = str.size(); 1961e934351Sopenharmony_ci certBlob.data = stringToUint8(str); 1971e934351Sopenharmony_ci DerToX509(data, size); 1981e934351Sopenharmony_ci delete[] certBlob.data; 1991e934351Sopenharmony_ci certBlob.data = nullptr; 2001e934351Sopenharmony_ci} 2011e934351Sopenharmony_ci 2021e934351Sopenharmony_civoid SetCertBlobToX509Test(const uint8_t *data, size_t size) 2031e934351Sopenharmony_ci{ 2041e934351Sopenharmony_ci if ((data == nullptr) || (size < 1)) { 2051e934351Sopenharmony_ci return; 2061e934351Sopenharmony_ci } 2071e934351Sopenharmony_ci SetGlobalFuzzData(data, size); 2081e934351Sopenharmony_ci std::string str = GetStringFromData(STR_LEN); 2091e934351Sopenharmony_ci CertBlob certBlob; 2101e934351Sopenharmony_ci certBlob.type = CERT_TYPE_PEM; 2111e934351Sopenharmony_ci certBlob.size = str.size(); 2121e934351Sopenharmony_ci certBlob.data = stringToUint8(str); 2131e934351Sopenharmony_ci CertBlobToX509(&certBlob); 2141e934351Sopenharmony_ci delete[] certBlob.data; 2151e934351Sopenharmony_ci certBlob.data = nullptr; 2161e934351Sopenharmony_ci} 2171e934351Sopenharmony_ci 2181e934351Sopenharmony_civoid SetOHNetStackCertVerificationTest(const uint8_t *data, size_t size) 2191e934351Sopenharmony_ci{ 2201e934351Sopenharmony_ci if ((data == nullptr) || (size < 1)) { 2211e934351Sopenharmony_ci return; 2221e934351Sopenharmony_ci } 2231e934351Sopenharmony_ci SetGlobalFuzzData(data, size); 2241e934351Sopenharmony_ci std::string str = GetStringFromData(STR_LEN); 2251e934351Sopenharmony_ci CertBlob certBlob; 2261e934351Sopenharmony_ci certBlob.type = CERT_TYPE_PEM; 2271e934351Sopenharmony_ci certBlob.size = str.size(); 2281e934351Sopenharmony_ci certBlob.data = stringToUint8(str); 2291e934351Sopenharmony_ci OH_NetStack_CertVerification((const struct NetStack_CertBlob *)&certBlob, 2301e934351Sopenharmony_ci (const struct NetStack_CertBlob *)&certBlob); 2311e934351Sopenharmony_ci delete[] certBlob.data; 2321e934351Sopenharmony_ci certBlob.data = nullptr; 2331e934351Sopenharmony_ci} 2341e934351Sopenharmony_ci 2351e934351Sopenharmony_ci} // namespace Ssl 2361e934351Sopenharmony_ci} // namespace NetStack 2371e934351Sopenharmony_ci} // namespace OHOS 2381e934351Sopenharmony_ci 2391e934351Sopenharmony_ci/* Fuzzer entry point */ 2401e934351Sopenharmony_ciextern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) 2411e934351Sopenharmony_ci{ 2421e934351Sopenharmony_ci /* Run your code on data */ 2431e934351Sopenharmony_ci OHOS::NetStack::Ssl::SetNetStackVerifyCertificationTestOne(data, size); 2441e934351Sopenharmony_ci OHOS::NetStack::Ssl::SetNetStackVerifyCertificationTestTwo(data, size); 2451e934351Sopenharmony_ci OHOS::NetStack::Ssl::SetVerifyCertTestOne(data, size); 2461e934351Sopenharmony_ci OHOS::NetStack::Ssl::SetVerifyCertTestTwo(data, size); 2471e934351Sopenharmony_ci OHOS::NetStack::Ssl::SetFreeResourcesTest(data, size); 2481e934351Sopenharmony_ci OHOS::NetStack::Ssl::SetPemToX509Test(data, size); 2491e934351Sopenharmony_ci OHOS::NetStack::Ssl::SetDerToX509Test(data, size); 2501e934351Sopenharmony_ci OHOS::NetStack::Ssl::SetCertBlobToX509Test(data, size); 2511e934351Sopenharmony_ci OHOS::NetStack::Ssl::SetOHNetStackCertVerificationTest(data, size); 2521e934351Sopenharmony_ci return 0; 2531e934351Sopenharmony_ci}