1 /*
2 * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "user_auth_client_fuzzer.h"
17
18 #include "parcel.h"
19
20 #include "user_auth_client_impl.h"
21 #include "user_auth_callback_service.h"
22 #include "iam_fuzz_test.h"
23 #include "iam_logger.h"
24 #include "iam_ptr.h"
25
26 #define LOG_TAG "USER_AUTH_SDK"
27
28 namespace OHOS {
29 namespace UserIam {
30 namespace UserAuth {
31 namespace {
32 class DummyGetPropCallback final : public GetPropCallback {
33 public:
OnResult(int32_t result,const Attributes & extraInfo)34 void OnResult(int32_t result, const Attributes &extraInfo)
35 {
36 IAM_LOGI("start");
37 static_cast<void>(result);
38 static_cast<void>(extraInfo);
39 }
40 };
41
42 class DummySetPropCallback final : public SetPropCallback {
43 public:
OnResult(int32_t result,const Attributes & extraInfo)44 void OnResult(int32_t result, const Attributes &extraInfo)
45 {
46 IAM_LOGI("start");
47 static_cast<void>(result);
48 static_cast<void>(extraInfo);
49 }
50 };
51
52 class DummyAuthenticationCallback final : public AuthenticationCallback {
53 public:
OnAcquireInfo(int32_t module,uint32_t acquireInfo,const Attributes & extraInfo)54 void OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo)
55 {
56 IAM_LOGI("start");
57 static_cast<void>(module);
58 static_cast<void>(acquireInfo);
59 static_cast<void>(extraInfo);
60 }
61
OnResult(int32_t result,const Attributes & extraInfo)62 void OnResult(int32_t result, const Attributes &extraInfo)
63 {
64 IAM_LOGI("start");
65 static_cast<void>(result);
66 static_cast<void>(extraInfo);
67 }
68 };
69
70 class DummyIdentificationCallback final : public IdentificationCallback {
71 public:
OnAcquireInfo(int32_t module,uint32_t acquireInfo,const Attributes & extraInfo)72 void OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo)
73 {
74 IAM_LOGI("start");
75 static_cast<void>(module);
76 static_cast<void>(acquireInfo);
77 static_cast<void>(extraInfo);
78 }
79
OnResult(int32_t result,const Attributes & extraInfo)80 void OnResult(int32_t result, const Attributes &extraInfo)
81 {
82 IAM_LOGI("start");
83 static_cast<void>(result);
84 static_cast<void>(extraInfo);
85 }
86 };
87
88 class DummyPrepareRemoteAuthCallback final : public PrepareRemoteAuthCallback {
89 public:
OnResult(int32_t result)90 void OnResult(int32_t result)
91 {
92 IAM_LOGI("start");
93 static_cast<void>(result);
94 }
95 };
96
97 class DummyIUserAuthWidgetCallback final : public IUserAuthWidgetCallback {
98 public:
SendCommand(const std::string & cmdData)99 void SendCommand(const std::string &cmdData)
100 {
101 IAM_LOGI("start");
102 static_cast<void>(cmdData);
103 }
104 };
105
FuzzClientGetEnrolledState(Parcel & parcel)106 void FuzzClientGetEnrolledState(Parcel &parcel)
107 {
108 IAM_LOGI("start");
109 auto apiVersion = parcel.ReadInt32();
110 auto authType = static_cast<AuthType>(parcel.ReadInt32());
111 EnrolledState enrolledState = {};
112 UserAuthClientImpl::Instance().GetEnrolledState(apiVersion, authType, enrolledState);
113 IAM_LOGI("end");
114 }
115
FuzzClientGetAvailableStatus(Parcel & parcel)116 void FuzzClientGetAvailableStatus(Parcel &parcel)
117 {
118 IAM_LOGI("start");
119 auto authType = static_cast<AuthType>(parcel.ReadInt32());
120 auto atl = static_cast<AuthTrustLevel>(parcel.ReadUint32());
121 auto userId = static_cast<AuthTrustLevel>(parcel.ReadInt32());
122 auto apiVersion = static_cast<AuthTrustLevel>(parcel.ReadInt32());
123 UserAuthClientImpl::Instance().GetAvailableStatus(userId, authType, atl);
124 UserAuthClientImpl::Instance().GetNorthAvailableStatus(apiVersion, authType, atl);
125 UserAuthClientImpl::Instance().GetAvailableStatus(authType, atl);
126 IAM_LOGI("end");
127 }
128
FuzzClientGetProperty(Parcel & parcel)129 void FuzzClientGetProperty(Parcel &parcel)
130 {
131 IAM_LOGI("start");
132 int32_t userId = parcel.ReadInt32();
133 GetPropertyRequest request = {};
134 request.authType = static_cast<AuthType>(parcel.ReadInt32());
135 request.keys.push_back(static_cast<Attributes::AttributeKey>(parcel.ReadUint32()));
136 auto callback = Common::MakeShared<DummyGetPropCallback>();
137 UserAuthClient::GetInstance().GetProperty(userId, request, callback);
138 UserAuthClient::GetInstance().GetProperty(userId, request, nullptr);
139 IAM_LOGI("end");
140 }
141
FuzzClientSetProperty(Parcel & parcel)142 void FuzzClientSetProperty(Parcel &parcel)
143 {
144 IAM_LOGI("start");
145 int32_t userId = parcel.ReadInt32();
146 SetPropertyRequest request = {};
147 request.authType = static_cast<AuthType>(parcel.ReadInt32());
148 request.mode = static_cast<PropertyMode>(parcel.ReadUint32());
149 auto callback = Common::MakeShared<DummySetPropCallback>();
150 UserAuthClient::GetInstance().SetProperty(userId, request, callback);
151 UserAuthClient::GetInstance().SetProperty(userId, request, nullptr);
152 IAM_LOGI("end");
153 }
154
FuzzClientBeginAuthentication001(Parcel & parcel)155 void FuzzClientBeginAuthentication001(Parcel &parcel)
156 {
157 IAM_LOGI("start");
158 AuthParam authParam = {};
159 authParam.userId = parcel.ReadInt32();
160 Common::FillFuzzUint8Vector(parcel, authParam.challenge);
161 authParam.authType = static_cast<AuthType>(parcel.ReadInt32());
162 authParam.authTrustLevel = static_cast<AuthTrustLevel>(parcel.ReadUint32());
163 auto callback = Common::MakeShared<DummyAuthenticationCallback>();
164 UserAuthClient::GetInstance().BeginAuthentication(authParam, callback);
165 UserAuthClient::GetInstance().BeginAuthentication(authParam, nullptr);
166 IAM_LOGI("end");
167 }
168
FuzzClientBeginAuthentication002(Parcel & parcel)169 void FuzzClientBeginAuthentication002(Parcel &parcel)
170 {
171 IAM_LOGI("start");
172 int32_t apiVersion = parcel.ReadInt32();
173 std::vector<uint8_t> challenge;
174 Common::FillFuzzUint8Vector(parcel, challenge);
175 auto authType = static_cast<AuthType>(parcel.ReadInt32());
176 auto atl = static_cast<AuthTrustLevel>(parcel.ReadUint32());
177 auto callback = Common::MakeShared<DummyAuthenticationCallback>();
178 UserAuthClientImpl::Instance().BeginNorthAuthentication(apiVersion, challenge, authType, atl, callback);
179 UserAuthClientImpl::Instance().BeginNorthAuthentication(apiVersion, challenge, authType, atl, nullptr);
180 IAM_LOGI("end");
181 }
182
FuzzClientCancelAuthentication(Parcel & parcel)183 void FuzzClientCancelAuthentication(Parcel &parcel)
184 {
185 IAM_LOGI("start");
186 uint64_t contextId = parcel.ReadUint64();
187 UserAuthClient::GetInstance().CancelAuthentication(contextId);
188 IAM_LOGI("end");
189 }
190
FuzzClientBeginIdentification(Parcel & parcel)191 void FuzzClientBeginIdentification(Parcel &parcel)
192 {
193 IAM_LOGI("start");
194 std::vector<uint8_t> challenge;
195 Common::FillFuzzUint8Vector(parcel, challenge);
196 auto authType = static_cast<AuthType>(parcel.ReadInt32());
197 auto callback = Common::MakeShared<DummyIdentificationCallback>();
198 UserAuthClient::GetInstance().BeginIdentification(challenge, authType, callback);
199 UserAuthClient::GetInstance().BeginIdentification(challenge, authType, nullptr);
200 IAM_LOGI("end");
201 }
202
FuzzCancelIdentification(Parcel & parcel)203 void FuzzCancelIdentification(Parcel &parcel)
204 {
205 IAM_LOGI("start");
206 uint64_t contextId = parcel.ReadUint64();
207 UserAuthClient::GetInstance().CancelIdentification(contextId);
208 IAM_LOGI("end");
209 }
210
FuzzClientGetVersion(Parcel & parcel)211 void FuzzClientGetVersion(Parcel &parcel)
212 {
213 IAM_LOGI("start");
214 static_cast<void>(parcel.ReadInt32());
215 int32_t version = -1;
216 UserAuthClientImpl::Instance().GetVersion(version);
217 IAM_LOGI("end");
218 }
219
FuzzClientRegistUserAuthSuccessEventListener(Parcel & parcel)220 void FuzzClientRegistUserAuthSuccessEventListener(Parcel &parcel)
221 {
222 IAM_LOGI("start");
223 std::vector<AuthType> authTypeList;
224 authTypeList.push_back(AuthType::PIN);
225 authTypeList.push_back(AuthType::FACE);
226 authTypeList.push_back(AuthType::FINGERPRINT);
227 sptr<AuthEventListenerInterface> listener = {};
228 UserAuthClientImpl::Instance().RegistUserAuthSuccessEventListener(authTypeList, listener);
229 IAM_LOGI("end");
230 }
231
FuzzClientUnRegistUserAuthSuccessEventListener(Parcel & Parcel)232 void FuzzClientUnRegistUserAuthSuccessEventListener(Parcel &Parcel)
233 {
234 IAM_LOGI("start");
235 sptr<AuthEventListenerInterface> listener = {};
236 UserAuthClientImpl::Instance().UnRegistUserAuthSuccessEventListener(listener);
237 IAM_LOGI("end");
238 }
239
FuzzClientSetGlobalConfigParam(Parcel & parcel)240 void FuzzClientSetGlobalConfigParam(Parcel &parcel)
241 {
242 IAM_LOGI("start");
243 GlobalConfigParam param = {};
244 UserAuthClientImpl::Instance().SetGlobalConfigParam(param);
245 IAM_LOGI("end");
246 }
247
FuzzClientPrepareRemoteAuth(Parcel & parcel)248 void FuzzClientPrepareRemoteAuth(Parcel &parcel)
249 {
250 IAM_LOGI("start");
251 std::string networkId = parcel.ReadString();
252 auto callback = Common::MakeShared<DummyPrepareRemoteAuthCallback>();
253 UserAuthClientImpl::Instance().PrepareRemoteAuth(networkId, callback);
254 UserAuthClientImpl::Instance().PrepareRemoteAuth(networkId, nullptr);
255 IAM_LOGI("end");
256 }
257
FuzzBeginWidgetAuth(Parcel & parcel)258 void FuzzBeginWidgetAuth(Parcel &parcel)
259 {
260 IAM_LOGI("start");
261 int32_t apiVersion = parcel.ReadInt32();
262 WidgetAuthParam authParam;
263 WidgetParam widgetParam;
264 Common::FillFuzzUint8Vector(parcel, authParam.challenge);
265 std::vector<int32_t> atList;
266 parcel.ReadInt32Vector(&atList);
267 for (auto at : atList) {
268 authParam.authTypes.push_back(static_cast<AuthType>(at));
269 }
270 authParam.authTrustLevel = static_cast<AuthTrustLevel>(parcel.ReadInt32());
271 widgetParam.title = parcel.ReadString();
272 widgetParam.navigationButtonText = parcel.ReadString();
273 widgetParam.windowMode = static_cast<WindowModeType>(parcel.ReadInt32());
274 auto callback = Common::MakeShared<DummyAuthenticationCallback>();
275 UserAuthClientImpl::Instance().BeginWidgetAuth(apiVersion, authParam, widgetParam, callback);
276 UserAuthClientImpl::Instance().BeginWidgetAuth(authParam, widgetParam, callback);
277 IAM_LOGI("end");
278 }
279
FuzzSetWidgetCallback(Parcel & parcel)280 void FuzzSetWidgetCallback(Parcel &parcel)
281 {
282 IAM_LOGI("start");
283 int32_t version = -1;
284 auto callback = Common::MakeShared<DummyIUserAuthWidgetCallback>();
285 UserAuthClientImpl::Instance().SetWidgetCallback(version, callback);
286 IAM_LOGI("end");
287 }
288
FuzzNotice(Parcel & parcel)289 void FuzzNotice(Parcel &parcel)
290 {
291 IAM_LOGI("start");
292 NoticeType noticeType = static_cast<NoticeType>(parcel.ReadInt32());
293 std::string eventData = parcel.ReadString();
294 UserAuthClientImpl::Instance().Notice(noticeType, eventData);
295 IAM_LOGI("end");
296 }
297
298 auto g_UserAuthCallbackService =
299 Common::MakeShared<UserAuthCallbackService>(Common::MakeShared<DummyAuthenticationCallback>());
300
301 auto g_GetPropCallbackService =
302 Common::MakeShared<GetExecutorPropertyCallbackService>(Common::MakeShared<DummyGetPropCallback>());
303
304 auto g_SetPropCallbackService =
305 Common::MakeShared<SetExecutorPropertyCallbackService>(Common::MakeShared<DummySetPropCallback>());
306
FuzzUserAuthCallbackServiceOnResult(Parcel & parcel)307 void FuzzUserAuthCallbackServiceOnResult(Parcel &parcel)
308 {
309 IAM_LOGI("start");
310 int32_t result = parcel.ReadInt32();
311 std::vector<uint8_t> attr;
312 Common::FillFuzzUint8Vector(parcel, attr);
313 Attributes extraInfo(attr);
314 if (g_UserAuthCallbackService != nullptr) {
315 g_UserAuthCallbackService->OnResult(result, extraInfo);
316 }
317 IAM_LOGI("end");
318 }
319
FuzzUserAuthCallbackServiceOnAcquireInfo(Parcel & parcel)320 void FuzzUserAuthCallbackServiceOnAcquireInfo(Parcel &parcel)
321 {
322 IAM_LOGI("start");
323 int32_t result = parcel.ReadInt32();
324 int32_t acquireInfo = parcel.ReadInt32();
325 std::vector<uint8_t> attr;
326 Common::FillFuzzUint8Vector(parcel, attr);
327 Attributes extraInfo(attr);
328 if (g_UserAuthCallbackService != nullptr) {
329 g_UserAuthCallbackService->OnAcquireInfo(result, acquireInfo, extraInfo);
330 }
331 IAM_LOGI("end");
332 }
333
FuzzGetPropCallbackServiceOnPropResult(Parcel & parcel)334 void FuzzGetPropCallbackServiceOnPropResult(Parcel &parcel)
335 {
336 IAM_LOGI("start");
337 int32_t result = parcel.ReadInt32();
338 std::vector<uint8_t> attr;
339 Common::FillFuzzUint8Vector(parcel, attr);
340 Attributes extraInfo(attr);
341 if (g_GetPropCallbackService != nullptr) {
342 g_GetPropCallbackService->OnGetExecutorPropertyResult(result, extraInfo);
343 }
344 IAM_LOGI("end");
345 }
346
FuzzSetPropCallbackServiceOnPropResult(Parcel & parcel)347 void FuzzSetPropCallbackServiceOnPropResult(Parcel &parcel)
348 {
349 IAM_LOGI("start");
350 int32_t result = parcel.ReadInt32();
351 if (g_SetPropCallbackService != nullptr) {
352 g_SetPropCallbackService->OnSetExecutorPropertyResult(result);
353 }
354 IAM_LOGI("end");
355 }
356
FuzzSetGlobalConfigParam(Parcel & parcel)357 void FuzzSetGlobalConfigParam(Parcel &parcel)
358 {
359 IAM_LOGI("start");
360 GlobalConfigParam param = {};
361 param.value.pinExpiredPeriod = parcel.ReadUint64();
362 param.type = static_cast<GlobalConfigType>(parcel.ReadInt32());
363 UserAuthClientImpl::Instance().SetGlobalConfigParam(param);
364 IAM_LOGI("end");
365 }
366
367 using FuzzFunc = decltype(FuzzClientGetAvailableStatus);
368 FuzzFunc *g_fuzzFuncs[] = {
369 FuzzClientGetEnrolledState,
370 FuzzClientGetAvailableStatus,
371 FuzzClientGetProperty,
372 FuzzClientSetProperty,
373 FuzzClientBeginAuthentication001,
374 FuzzClientBeginAuthentication002,
375 FuzzClientCancelAuthentication,
376 FuzzClientBeginIdentification,
377 FuzzClientRegistUserAuthSuccessEventListener,
378 FuzzClientUnRegistUserAuthSuccessEventListener,
379 FuzzClientSetGlobalConfigParam,
380 FuzzClientPrepareRemoteAuth,
381 FuzzCancelIdentification,
382 FuzzClientGetVersion,
383 FuzzBeginWidgetAuth,
384 FuzzSetWidgetCallback,
385 FuzzNotice,
386 FuzzUserAuthCallbackServiceOnResult,
387 FuzzUserAuthCallbackServiceOnAcquireInfo,
388 FuzzGetPropCallbackServiceOnPropResult,
389 FuzzSetPropCallbackServiceOnPropResult,
390 FuzzSetGlobalConfigParam,
391 };
392
UserAuthClientFuzzTest(const uint8_t * data,size_t size)393 void UserAuthClientFuzzTest(const uint8_t *data, size_t size)
394 {
395 Parcel parcel;
396 parcel.WriteBuffer(data, size);
397 parcel.RewindRead(0);
398 uint32_t index = parcel.ReadUint32() % (sizeof(g_fuzzFuncs) / sizeof(FuzzFunc *));
399 auto fuzzFunc = g_fuzzFuncs[index];
400 fuzzFunc(parcel);
401 return;
402 }
403 } // namespace
404 } // namespace UserAuth
405 } // namespace UserIam
406 } // namespace OHOS
407
408 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)409 extern "C" int32_t LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
410 {
411 OHOS::UserIam::UserAuth::UserAuthClientFuzzTest(data, size);
412 return 0;
413 }
414