README.md
1# Fuzzer for libkeystore
2## Table of contents
3+ [libkeystore-get-wifi-hidl](#libkeystore-get-wifi-hidl)
4+ [libkeystore_attestation_application_id](#libkeystore_attestation_application_id)
5
6# <a name="libkeystore-get-wifi-hidl"></a> Fuzzer for libkeystore-get-wifi-hidl
7## Plugin Design Considerations
8The fuzzer plugin for libkeystore-get-wifi-hidl is designed based on the understanding of the library and tries to achieve the following:
9
10##### Maximize code coverage
11The configuration parameters are not hardcoded, but instead selected based on
12incoming data. This ensures more code paths are reached by the fuzzer.
13
14libkeystore-get-wifi-hidl supports the following parameters:
151. Key (parameter name: `key`)
16
17| Parameter| Valid Values| Configured Value|
18|------------- |-------------| ----- |
19| `key` | `String` | Value obtained from FuzzedDataProvider|
20
21This also ensures that the plugin is always deterministic for any given input.
22
23##### Maximize utilization of input data
24The plugin feeds the entire input data to the libkeystore-get-wifi-hidl module.
25This ensures that the plugin tolerates any kind of input (empty, huge,
26malformed, etc) and doesnt `exit()` on any input and thereby increasing the
27chance of identifying vulnerabilities.
28
29## Build
30
31This describes steps to build keystoreGetWifiHidl_fuzzer binary.
32
33### Android
34
35#### Steps to build
36Build the fuzzer
37```
38 $ mm -j$(nproc) keystoreGetWifiHidl_fuzzer
39```
40#### Steps to run
41
42To run on device
43```
44 $ adb sync data
45 $ adb shell /data/fuzz/${TARGET_ARCH}/keystoreGetWifiHidl_fuzzer/keystoreGetWifiHidl_fuzzer
46```
47
48# <a name="libkeystore_attestation_application_id"></a> Fuzzer for libkeystore_attestation_application_id
49## Plugin Design Considerations
50The fuzzer plugin for libkeystore-attestation-application-id are designed based on the understanding of the library and tries to achieve the following:
51
52##### Maximize code coverage
53The configuration parameters are not hardcoded, but instead selected based on
54incoming data. This ensures more code paths are reached by the fuzzer.
55
56libkeystore-attestation-application-id supports the following parameters:
571. Package Name (parameter name: `packageName`)
582. Version Code (parameter name: `versionCode`)
593. Uid (parameter name: `uid`)
60
61
62| Parameter| Valid Values| Configured Value|
63|------------- |-------------| ----- |
64| `packageName` | `String` | Value obtained from FuzzedDataProvider|
65| `versionCode` | `INT64_MIN` to `INT64_MAX` | Value obtained from FuzzedDataProvider|
66| `uid` | `0` to `1000` | Value obtained from FuzzedDataProvider|
67
68This also ensures that the plugin is always deterministic for any given input.
69
70##### Maximize utilization of input data
71The plugins feed the entire input data to the libkeystore_attestation_application_id module.
72This ensures that the plugin tolerates any kind of input (empty, huge,
73malformed, etc) and doesnt `exit()` on any input and thereby increasing the
74chance of identifying vulnerabilities.
75
76## Build
77
78This describes steps to build keystoreSignature_fuzzer, keystorePackageInfo_fuzzer, keystoreApplicationId_fuzzer and keystoreAttestationId_fuzzer binary.
79
80### Android
81
82#### Steps to build
83Build the fuzzer
84```
85 $ mm -j$(nproc) keystoreSignature_fuzzer
86 $ mm -j$(nproc) keystorePackageInfo_fuzzer
87 $ mm -j$(nproc) keystoreApplicationId_fuzzer
88 $ mm -j$(nproc) keystoreAttestationId_fuzzer
89```
90#### Steps to run
91
92To run on device
93```
94 $ adb sync data
95 $ adb shell /data/fuzz/${TARGET_ARCH}/keystoreSignature_fuzzer/keystoreSignature_fuzzer
96 $ adb shell /data/fuzz/${TARGET_ARCH}/keystorePackageInfo_fuzzer/keystorePackageInfo_fuzzer
97 $ adb shell /data/fuzz/${TARGET_ARCH}/keystoreApplicationId_fuzzer/keystoreApplicationId_fuzzer
98 $ adb shell /data/fuzz/${TARGET_ARCH}/keystoreAttestationId_fuzzer/keystoreAttestationId_fuzzer
99```
100
101## References:
102 * http://llvm.org/docs/LibFuzzer.html
103 * https://github.com/google/oss-fuzz
104