xref: /aosp_15_r20/hardware/interfaces/security/keymint/support/fuzzer/keymint_rkpsupport_fuzzer.cpp (revision 4d7e907c777eeecc4c5bd7cf640a754fac206ff7) 
1 /*
2  * Copyright (C) 2024 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at:
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  *
16  */
17 #include <fuzzer/FuzzedDataProvider.h>
18 #include <remote_prov/remote_prov_utils.h>
19 
20 namespace android::hardware::security::keymint_support::fuzzer {
21 
22 using namespace aidl::android::hardware::security::keymint::remote_prov;
23 
24 constexpr size_t kMaxBytes = 128;
25 
26 class KeyMintRemoteKeyProvSupport {
27   public:
KeyMintRemoteKeyProvSupport(const uint8_t * data,size_t size)28     KeyMintRemoteKeyProvSupport(const uint8_t* data, size_t size) : mFdp(data, size) {}
29     void process();
30 
31   private:
32     FuzzedDataProvider mFdp;
33 };
34 
process()35 void KeyMintRemoteKeyProvSupport::process() {
36     while (mFdp.remaining_bytes()) {
37         auto invokeProvAPI = mFdp.PickValueInArray<const std::function<void()>>({
38                 [&]() {
39                     std::vector<uint8_t> eekId;
40                     if (mFdp.ConsumeBool()) {
41                         eekId = mFdp.ConsumeBytes<uint8_t>(kMaxBytes);
42                     }
43                     generateEekChain(mFdp.ConsumeIntegral<uint8_t>() /* supportedEekCurve */,
44                                      mFdp.ConsumeIntegral<uint8_t>() /* length */, eekId);
45                 },
46                 [&]() { getProdEekChain(mFdp.ConsumeIntegral<uint8_t>() /* supportedEekCurve */); },
47                 [&]() {
48                     std::string serialNoProp = mFdp.ConsumeRandomLengthString(kMaxBytes);
49                     std::string instanceName = mFdp.ConsumeRandomLengthString(kMaxBytes);
50                     cppbor::Array array;
51                     array.add(mFdp.ConsumeIntegral<uint8_t>() /* value */);
52                     jsonEncodeCsrWithBuild(instanceName, array, serialNoProp);
53                 },
54         });
55         invokeProvAPI();
56     }
57 }
58 
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)59 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
60     KeyMintRemoteKeyProvSupport keymintRKPSupport(data, size);
61     keymintRKPSupport.process();
62     return 0;
63 }
64 
65 }  // namespace android::hardware::security::keymint_support::fuzzer
66