1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "user_idm_service_fuzzer.h"
17
18 #include "parcel.h"
19 #include "securec.h"
20
21 #include "iam_fuzz_test.h"
22 #include "iam_logger.h"
23 #include "user_idm_service.h"
24
25 #undef private
26
27 using namespace std;
28 using namespace OHOS::UserIam::Common;
29
30 #define LOG_LABEL UserIam::Common::LABEL_USER_AUTH_SA
31
32 namespace OHOS {
33 namespace UserIam {
34 namespace UserAuth {
35 namespace {
36 class DummyIdmGetCredentialInfoCallback : public IdmGetCredInfoCallbackInterface {
37 public:
OnCredentialInfos(const std::vector<std::shared_ptr<CredentialInfo>> infoList,const std::optional<PinSubType> pinSubType)38 void OnCredentialInfos(const std::vector<std::shared_ptr<CredentialInfo>> infoList,
39 const std::optional<PinSubType> pinSubType) override
40 {
41 IAM_LOGI("start");
42 return;
43 }
44
AsObject()45 sptr<IRemoteObject> AsObject() override
46 {
47 return nullptr;
48 }
49 };
50
51 class DummyIdmGetSecureUserInfoCallback : public IdmGetSecureUserInfoCallbackInterface {
52 public:
OnSecureUserInfo(const std::shared_ptr<SecureUserInfo> info)53 void OnSecureUserInfo(const std::shared_ptr<SecureUserInfo> info) override
54 {
55 IAM_LOGI("start");
56 return;
57 }
58
AsObject()59 sptr<IRemoteObject> AsObject() override
60 {
61 return nullptr;
62 }
63 };
64
65 class DummyIdmCallback : public IdmCallbackInterface {
66 public:
OnResult(int32_t result,const Attributes & reqRet)67 void OnResult(int32_t result, const Attributes &reqRet) override
68 {
69 IAM_LOGI("start");
70 return;
71 }
72
OnAcquireInfo(int32_t module,int32_t acquire,const Attributes & reqRet)73 void OnAcquireInfo(int32_t module, int32_t acquire, const Attributes &reqRet) override
74 {
75 IAM_LOGI("start");
76 return;
77 }
78
AsObject()79 sptr<IRemoteObject> AsObject() override
80 {
81 return nullptr;
82 }
83 };
84
GetFuzzOptionalUserId(Parcel & parcel)85 int32_t GetFuzzOptionalUserId(Parcel &parcel)
86 {
87 if (parcel.ReadBool()) {
88 return parcel.ReadInt32();
89 }
90 return 0;
91 }
92
GetFuzzIdmGetCredentialInfoCallback(Parcel & parcel)93 sptr<IdmGetCredInfoCallbackInterface> GetFuzzIdmGetCredentialInfoCallback(Parcel &parcel)
94 {
95 if (parcel.ReadBool()) {
96 return new (nothrow) DummyIdmGetCredentialInfoCallback();
97 }
98 return nullptr;
99 }
100
GetFuzzIdmGetSecureUserInfoCallback(Parcel & parcel)101 sptr<IdmGetSecureUserInfoCallbackInterface> GetFuzzIdmGetSecureUserInfoCallback(Parcel &parcel)
102 {
103 if (parcel.ReadBool()) {
104 return new (nothrow) DummyIdmGetSecureUserInfoCallback();
105 }
106 return nullptr;
107 }
108
GetFuzzIdmCallback(Parcel & parcel)109 sptr<IdmCallbackInterface> GetFuzzIdmCallback(Parcel &parcel)
110 {
111 if (parcel.ReadBool()) {
112 return new (nothrow) DummyIdmCallback();
113 }
114 return nullptr;
115 }
116
117 UserIdmService g_UserIdmService(SUBSYS_USERIAM_SYS_ABILITY_USERIDM, true);
118
FuzzOnStart(Parcel & parcel)119 void FuzzOnStart(Parcel &parcel)
120 {
121 IAM_LOGI("begin");
122 g_UserIdmService.OnStart();
123 IAM_LOGI("end");
124 }
125
FuzzOnStop(Parcel & parcel)126 void FuzzOnStop(Parcel &parcel)
127 {
128 IAM_LOGI("begin");
129 static int32_t skipCount = 1000;
130 // OnStop affects test of other function, skip it in the first phase
131 if (skipCount > 0) {
132 --skipCount;
133 return;
134 }
135 g_UserIdmService.OnStop();
136 IAM_LOGI("end");
137 }
138
FuzzOpenSession(Parcel & parcel)139 void FuzzOpenSession(Parcel &parcel)
140 {
141 IAM_LOGI("begin");
142 int32_t userId = GetFuzzOptionalUserId(parcel);
143 std::vector<uint8_t> challenge;
144 FillFuzzUint8Vector(parcel, challenge);
145 g_UserIdmService.OpenSession(userId, challenge);
146 IAM_LOGI("end");
147 }
148
FuzzCloseSession(Parcel & parcel)149 void FuzzCloseSession(Parcel &parcel)
150 {
151 IAM_LOGI("begin");
152 int32_t userId = GetFuzzOptionalUserId(parcel);
153 g_UserIdmService.CloseSession(userId);
154 IAM_LOGI("end");
155 }
156
FuzzGetCredentialInfo(Parcel & parcel)157 void FuzzGetCredentialInfo(Parcel &parcel)
158 {
159 IAM_LOGI("begin");
160 int32_t userId = GetFuzzOptionalUserId(parcel);
161 AuthType authType = static_cast<AuthType>(parcel.ReadUint32());
162 sptr<IdmGetCredInfoCallbackInterface> callback = GetFuzzIdmGetCredentialInfoCallback(parcel);
163 g_UserIdmService.GetCredentialInfo(userId, authType, callback);
164 IAM_LOGI("end");
165 }
166
FuzzGetSecInfo(Parcel & parcel)167 void FuzzGetSecInfo(Parcel &parcel)
168 {
169 IAM_LOGI("begin");
170 int32_t userId = GetFuzzOptionalUserId(parcel);
171 sptr<IdmGetSecureUserInfoCallbackInterface> callback = GetFuzzIdmGetSecureUserInfoCallback(parcel);
172 g_UserIdmService.GetSecInfo(userId, callback);
173 IAM_LOGI("end");
174 }
175
FuzzAddCredential(Parcel & parcel)176 void FuzzAddCredential(Parcel &parcel)
177 {
178 IAM_LOGI("begin");
179 int32_t userId = parcel.ReadInt32();
180 UserIdmInterface::CredentialPara para = {};
181 para.authType = static_cast<AuthType>(parcel.ReadInt32());
182 para.pinType = static_cast<PinSubType>(parcel.ReadInt32());
183 FillFuzzUint8Vector(parcel, para.token);
184 sptr<IdmCallbackInterface> callback = GetFuzzIdmCallback(parcel);
185 g_UserIdmService.AddCredential(userId, para, callback, false);
186 IAM_LOGI("end");
187 }
188
FuzzUpdateCredential(Parcel & parcel)189 void FuzzUpdateCredential(Parcel &parcel)
190 {
191 IAM_LOGI("begin");
192 int32_t userId = parcel.ReadInt32();
193 UserIdmInterface::CredentialPara para = {};
194 para.authType = static_cast<AuthType>(parcel.ReadInt32());
195 para.pinType = static_cast<PinSubType>(parcel.ReadInt32());
196 FillFuzzUint8Vector(parcel, para.token);
197 sptr<IdmCallbackInterface> callback = GetFuzzIdmCallback(parcel);
198 g_UserIdmService.UpdateCredential(userId, para, callback);
199 IAM_LOGI("end");
200 }
201
FuzzCancel(Parcel & parcel)202 void FuzzCancel(Parcel &parcel)
203 {
204 IAM_LOGI("begin");
205 int32_t userId = parcel.ReadInt32();
206 g_UserIdmService.Cancel(userId);
207 IAM_LOGI("end");
208 }
209
FuzzEnforceDelUser(Parcel & parcel)210 void FuzzEnforceDelUser(Parcel &parcel)
211 {
212 IAM_LOGI("begin");
213 int32_t userId = parcel.ReadInt32();
214 sptr<IdmCallbackInterface> callback = GetFuzzIdmCallback(parcel);
215 g_UserIdmService.EnforceDelUser(userId, callback);
216 IAM_LOGI("end");
217 }
218
FuzzDelUser(Parcel & parcel)219 void FuzzDelUser(Parcel &parcel)
220 {
221 IAM_LOGI("begin");
222 int32_t userId = parcel.ReadInt32();
223 std::vector<uint8_t> authToken;
224 FillFuzzUint8Vector(parcel, authToken);
225 sptr<IdmCallbackInterface> callback = GetFuzzIdmCallback(parcel);
226 g_UserIdmService.DelUser(userId, authToken, callback);
227 IAM_LOGI("end");
228 }
229
DelCredential(Parcel & parcel)230 void DelCredential(Parcel &parcel)
231 {
232 IAM_LOGI("begin");
233 int32_t userId = parcel.ReadInt32();
234 uint64_t credentialId = parcel.ReadUint64();
235 std::vector<uint8_t> authToken;
236 FillFuzzUint8Vector(parcel, authToken);
237 sptr<IdmCallbackInterface> callback = GetFuzzIdmCallback(parcel);
238 g_UserIdmService.DelCredential(userId, credentialId, authToken, callback);
239 IAM_LOGI("end");
240 }
241
242 using FuzzFunc = decltype(FuzzOnStart);
243 FuzzFunc *g_fuzzFuncs[] = {
244 FuzzOnStart,
245 FuzzOnStop,
246 FuzzOpenSession,
247 FuzzCloseSession,
248 FuzzGetCredentialInfo,
249 FuzzGetSecInfo,
250 FuzzAddCredential,
251 FuzzUpdateCredential,
252 FuzzCancel,
253 FuzzEnforceDelUser,
254 FuzzDelUser,
255 DelCredential,
256 };
257
UserIdmFuzzTest(const uint8_t * data,size_t size)258 void UserIdmFuzzTest(const uint8_t *data, size_t size)
259 {
260 Parcel parcel;
261 parcel.WriteBuffer(data, size);
262 parcel.RewindRead(0);
263 uint32_t index = parcel.ReadUint32() % (sizeof(g_fuzzFuncs) / sizeof(FuzzFunc *));
264 auto fuzzFunc = g_fuzzFuncs[index];
265 fuzzFunc(parcel);
266 return;
267 }
268 } // namespace
269 } // namespace UserAuth
270 } // namespace UserIam
271 } // namespace OHOS
272
273 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)274 extern "C" int32_t LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
275 {
276 OHOS::UserIam::UserAuth::UserIdmFuzzTest(data, size);
277 return 0;
278 }
279