1 /*
2 * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "user_auth_client_fuzzer.h"
17
18 #include "parcel.h"
19
20 #include "iam_fuzz_test.h"
21 #include "iam_logger.h"
22 #include "iam_ptr.h"
23
24 #include "modal_callback_service.h"
25 #include "user_auth_client_impl.h"
26 #include "user_auth_callback_service.h"
27 #include "user_auth_modal_inner_callback.h"
28 #include "user_auth_napi_client_impl.h"
29
30 #define LOG_TAG "USER_AUTH_SDK"
31
32 namespace OHOS {
33 namespace UserIam {
34 namespace UserAuth {
35 namespace {
36 class DummyGetPropCallback final : public GetPropCallback {
37 public:
OnResult(int32_t result,const Attributes & extraInfo)38 void OnResult(int32_t result, const Attributes &extraInfo)
39 {
40 IAM_LOGI("start");
41 static_cast<void>(result);
42 static_cast<void>(extraInfo);
43 }
44 };
45
46 class DummySetPropCallback final : public SetPropCallback {
47 public:
OnResult(int32_t result,const Attributes & extraInfo)48 void OnResult(int32_t result, const Attributes &extraInfo)
49 {
50 IAM_LOGI("start");
51 static_cast<void>(result);
52 static_cast<void>(extraInfo);
53 }
54 };
55
56 class DummyAuthenticationCallback final : public AuthenticationCallback {
57 public:
OnAcquireInfo(int32_t module,uint32_t acquireInfo,const Attributes & extraInfo)58 void OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo)
59 {
60 IAM_LOGI("start");
61 static_cast<void>(module);
62 static_cast<void>(acquireInfo);
63 static_cast<void>(extraInfo);
64 }
65
OnResult(int32_t result,const Attributes & extraInfo)66 void OnResult(int32_t result, const Attributes &extraInfo)
67 {
68 IAM_LOGI("start");
69 static_cast<void>(result);
70 static_cast<void>(extraInfo);
71 }
72 };
73
74 class DummyIdentificationCallback final : public IdentificationCallback {
75 public:
OnAcquireInfo(int32_t module,uint32_t acquireInfo,const Attributes & extraInfo)76 void OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo)
77 {
78 IAM_LOGI("start");
79 static_cast<void>(module);
80 static_cast<void>(acquireInfo);
81 static_cast<void>(extraInfo);
82 }
83
OnResult(int32_t result,const Attributes & extraInfo)84 void OnResult(int32_t result, const Attributes &extraInfo)
85 {
86 IAM_LOGI("start");
87 static_cast<void>(result);
88 static_cast<void>(extraInfo);
89 }
90 };
91
92 class DummyPrepareRemoteAuthCallback final : public PrepareRemoteAuthCallback {
93 public:
OnResult(int32_t result)94 void OnResult(int32_t result)
95 {
96 IAM_LOGI("start");
97 static_cast<void>(result);
98 }
99 };
100
101 class DummyIUserAuthWidgetCallback final : public IUserAuthWidgetCallback {
102 public:
SendCommand(const std::string & cmdData)103 void SendCommand(const std::string &cmdData)
104 {
105 IAM_LOGI("start");
106 static_cast<void>(cmdData);
107 }
108 };
109
FuzzClientGetEnrolledState(Parcel & parcel)110 void FuzzClientGetEnrolledState(Parcel &parcel)
111 {
112 IAM_LOGI("start");
113 auto apiVersion = parcel.ReadInt32();
114 auto authType = static_cast<AuthType>(parcel.ReadInt32());
115 EnrolledState enrolledState = {};
116 UserAuthClientImpl::Instance().GetEnrolledState(apiVersion, authType, enrolledState);
117 IAM_LOGI("end");
118 }
119
FuzzClientGetAvailableStatus(Parcel & parcel)120 void FuzzClientGetAvailableStatus(Parcel &parcel)
121 {
122 IAM_LOGI("start");
123 auto authType = static_cast<AuthType>(parcel.ReadInt32());
124 auto atl = static_cast<AuthTrustLevel>(parcel.ReadUint32());
125 auto userId = static_cast<AuthTrustLevel>(parcel.ReadInt32());
126 auto apiVersion = static_cast<AuthTrustLevel>(parcel.ReadInt32());
127 UserAuthClientImpl::Instance().GetAvailableStatus(userId, authType, atl);
128 UserAuthClientImpl::Instance().GetNorthAvailableStatus(apiVersion, authType, atl);
129 UserAuthClientImpl::Instance().GetAvailableStatus(authType, atl);
130 IAM_LOGI("end");
131 }
132
FuzzClientGetProperty(Parcel & parcel)133 void FuzzClientGetProperty(Parcel &parcel)
134 {
135 IAM_LOGI("start");
136 int32_t userId = parcel.ReadInt32();
137 GetPropertyRequest request = {};
138 request.authType = static_cast<AuthType>(parcel.ReadInt32());
139 request.keys.push_back(static_cast<Attributes::AttributeKey>(parcel.ReadUint32()));
140 auto callback = Common::MakeShared<DummyGetPropCallback>();
141 UserAuthClient::GetInstance().GetProperty(userId, request, callback);
142 UserAuthClient::GetInstance().GetProperty(userId, request, nullptr);
143 IAM_LOGI("end");
144 }
145
FuzzClientSetProperty(Parcel & parcel)146 void FuzzClientSetProperty(Parcel &parcel)
147 {
148 IAM_LOGI("start");
149 int32_t userId = parcel.ReadInt32();
150 SetPropertyRequest request = {};
151 request.authType = static_cast<AuthType>(parcel.ReadInt32());
152 request.mode = static_cast<PropertyMode>(parcel.ReadUint32());
153 auto callback = Common::MakeShared<DummySetPropCallback>();
154 UserAuthClient::GetInstance().SetProperty(userId, request, callback);
155 UserAuthClient::GetInstance().SetProperty(userId, request, nullptr);
156 IAM_LOGI("end");
157 }
158
FuzzClientBeginAuthentication001(Parcel & parcel)159 void FuzzClientBeginAuthentication001(Parcel &parcel)
160 {
161 IAM_LOGI("start");
162 AuthParam authParam = {};
163 authParam.userId = parcel.ReadInt32();
164 Common::FillFuzzUint8Vector(parcel, authParam.challenge);
165 authParam.authType = static_cast<AuthType>(parcel.ReadInt32());
166 authParam.authTrustLevel = static_cast<AuthTrustLevel>(parcel.ReadUint32());
167 auto callback = Common::MakeShared<DummyAuthenticationCallback>();
168 UserAuthClient::GetInstance().BeginAuthentication(authParam, callback);
169 UserAuthClient::GetInstance().BeginAuthentication(authParam, nullptr);
170 IAM_LOGI("end");
171 }
172
FuzzClientBeginAuthentication002(Parcel & parcel)173 void FuzzClientBeginAuthentication002(Parcel &parcel)
174 {
175 IAM_LOGI("start");
176 int32_t apiVersion = parcel.ReadInt32();
177 std::vector<uint8_t> challenge;
178 Common::FillFuzzUint8Vector(parcel, challenge);
179 auto authType = static_cast<AuthType>(parcel.ReadInt32());
180 auto atl = static_cast<AuthTrustLevel>(parcel.ReadUint32());
181 auto callback = Common::MakeShared<DummyAuthenticationCallback>();
182 UserAuthClientImpl::Instance().BeginNorthAuthentication(apiVersion, challenge, authType, atl, callback);
183 UserAuthClientImpl::Instance().BeginNorthAuthentication(apiVersion, challenge, authType, atl, nullptr);
184 IAM_LOGI("end");
185 }
186
FuzzClientCancelAuthentication(Parcel & parcel)187 void FuzzClientCancelAuthentication(Parcel &parcel)
188 {
189 IAM_LOGI("start");
190 uint64_t contextId = parcel.ReadUint64();
191 UserAuthClient::GetInstance().CancelAuthentication(contextId);
192 IAM_LOGI("end");
193 }
194
FuzzClientBeginIdentification(Parcel & parcel)195 void FuzzClientBeginIdentification(Parcel &parcel)
196 {
197 IAM_LOGI("start");
198 std::vector<uint8_t> challenge;
199 Common::FillFuzzUint8Vector(parcel, challenge);
200 auto authType = static_cast<AuthType>(parcel.ReadInt32());
201 auto callback = Common::MakeShared<DummyIdentificationCallback>();
202 UserAuthClient::GetInstance().BeginIdentification(challenge, authType, callback);
203 UserAuthClient::GetInstance().BeginIdentification(challenge, authType, nullptr);
204 IAM_LOGI("end");
205 }
206
FuzzCancelIdentification(Parcel & parcel)207 void FuzzCancelIdentification(Parcel &parcel)
208 {
209 IAM_LOGI("start");
210 uint64_t contextId = parcel.ReadUint64();
211 UserAuthClient::GetInstance().CancelIdentification(contextId);
212 IAM_LOGI("end");
213 }
214
FuzzClientGetVersion(Parcel & parcel)215 void FuzzClientGetVersion(Parcel &parcel)
216 {
217 IAM_LOGI("start");
218 static_cast<void>(parcel.ReadInt32());
219 int32_t version = -1;
220 UserAuthClientImpl::Instance().GetVersion(version);
221 IAM_LOGI("end");
222 }
223
FuzzClientRegistUserAuthSuccessEventListener(Parcel & parcel)224 void FuzzClientRegistUserAuthSuccessEventListener(Parcel &parcel)
225 {
226 IAM_LOGI("start");
227 std::vector<AuthType> authTypeList;
228 authTypeList.push_back(AuthType::PIN);
229 authTypeList.push_back(AuthType::FACE);
230 authTypeList.push_back(AuthType::FINGERPRINT);
231 sptr<AuthEventListenerInterface> listener = {};
232 UserAuthClientImpl::Instance().RegistUserAuthSuccessEventListener(authTypeList, listener);
233 IAM_LOGI("end");
234 }
235
FuzzClientUnRegistUserAuthSuccessEventListener(Parcel & Parcel)236 void FuzzClientUnRegistUserAuthSuccessEventListener(Parcel &Parcel)
237 {
238 IAM_LOGI("start");
239 sptr<AuthEventListenerInterface> listener = {};
240 UserAuthClientImpl::Instance().UnRegistUserAuthSuccessEventListener(listener);
241 IAM_LOGI("end");
242 }
243
FuzzClientSetGlobalConfigParam(Parcel & parcel)244 void FuzzClientSetGlobalConfigParam(Parcel &parcel)
245 {
246 IAM_LOGI("start");
247 GlobalConfigParam param = {};
248 UserAuthClientImpl::Instance().SetGlobalConfigParam(param);
249 IAM_LOGI("end");
250 }
251
FuzzClientPrepareRemoteAuth(Parcel & parcel)252 void FuzzClientPrepareRemoteAuth(Parcel &parcel)
253 {
254 IAM_LOGI("start");
255 std::string networkId = parcel.ReadString();
256 auto callback = Common::MakeShared<DummyPrepareRemoteAuthCallback>();
257 UserAuthClientImpl::Instance().PrepareRemoteAuth(networkId, callback);
258 UserAuthClientImpl::Instance().PrepareRemoteAuth(networkId, nullptr);
259 IAM_LOGI("end");
260 }
261
FuzzBeginWidgetAuth(Parcel & parcel)262 void FuzzBeginWidgetAuth(Parcel &parcel)
263 {
264 IAM_LOGI("start");
265 int32_t apiVersion = parcel.ReadInt32();
266 WidgetAuthParam authParam;
267 WidgetParam widgetParam;
268 Common::FillFuzzUint8Vector(parcel, authParam.challenge);
269 std::vector<int32_t> atList;
270 parcel.ReadInt32Vector(&atList);
271 for (auto at : atList) {
272 authParam.authTypes.push_back(static_cast<AuthType>(at));
273 }
274 authParam.authTrustLevel = static_cast<AuthTrustLevel>(parcel.ReadInt32());
275 widgetParam.title = parcel.ReadString();
276 widgetParam.navigationButtonText = parcel.ReadString();
277 widgetParam.windowMode = static_cast<WindowModeType>(parcel.ReadInt32());
278 auto callback = Common::MakeShared<DummyAuthenticationCallback>();
279 UserAuthClientImpl::Instance().BeginWidgetAuth(apiVersion, authParam, widgetParam, callback);
280 UserAuthClientImpl::Instance().BeginWidgetAuth(authParam, widgetParam, callback);
281 IAM_LOGI("end");
282 }
283
FuzzNapiBeginWidgetAuth(Parcel & parcel)284 void FuzzNapiBeginWidgetAuth(Parcel &parcel)
285 {
286 IAM_LOGI("start");
287 int32_t apiVersion = parcel.ReadInt32();
288 AuthParamInner authParam;
289 UserAuthNapiClientImpl::WidgetParamNapi widgetParam;
290 Common::FillFuzzUint8Vector(parcel, authParam.challenge);
291 std::vector<int32_t> atList;
292 parcel.ReadInt32Vector(&atList);
293 for (auto at : atList) {
294 authParam.authTypes.push_back(static_cast<AuthType>(at));
295 }
296 authParam.authTrustLevel = static_cast<AuthTrustLevel>(parcel.ReadInt32());
297 widgetParam.title = parcel.ReadString();
298 widgetParam.navigationButtonText = parcel.ReadString();
299 widgetParam.windowMode = static_cast<WindowModeType>(parcel.ReadInt32());
300 auto callback = Common::MakeShared<DummyAuthenticationCallback>();
301 std::shared_ptr<UserAuthModalInnerCallback> modalCallback = Common::MakeShared<UserAuthModalInnerCallback>();
302 UserAuthNapiClientImpl::Instance().BeginWidgetAuth(apiVersion, authParam, widgetParam, callback, modalCallback);
303 IAM_LOGI("end");
304 }
305
FuzzSetWidgetCallback(Parcel & parcel)306 void FuzzSetWidgetCallback(Parcel &parcel)
307 {
308 IAM_LOGI("start");
309 int32_t version = -1;
310 auto callback = Common::MakeShared<DummyIUserAuthWidgetCallback>();
311 UserAuthClientImpl::Instance().SetWidgetCallback(version, callback);
312 IAM_LOGI("end");
313 }
314
FuzzNotice(Parcel & parcel)315 void FuzzNotice(Parcel &parcel)
316 {
317 IAM_LOGI("start");
318 NoticeType noticeType = static_cast<NoticeType>(parcel.ReadInt32());
319 std::string eventData = parcel.ReadString();
320 UserAuthClientImpl::Instance().Notice(noticeType, eventData);
321 IAM_LOGI("end");
322 }
323
324 auto g_UserAuthCallbackService =
325 Common::MakeShared<UserAuthCallbackService>(Common::MakeShared<DummyAuthenticationCallback>());
326
327 auto g_GetPropCallbackService =
328 Common::MakeShared<GetExecutorPropertyCallbackService>(Common::MakeShared<DummyGetPropCallback>());
329
330 auto g_SetPropCallbackService =
331 Common::MakeShared<SetExecutorPropertyCallbackService>(Common::MakeShared<DummySetPropCallback>());
332
FuzzUserAuthCallbackServiceOnResult(Parcel & parcel)333 void FuzzUserAuthCallbackServiceOnResult(Parcel &parcel)
334 {
335 IAM_LOGI("start");
336 int32_t result = parcel.ReadInt32();
337 std::vector<uint8_t> attr;
338 Common::FillFuzzUint8Vector(parcel, attr);
339 Attributes extraInfo(attr);
340 if (g_UserAuthCallbackService != nullptr) {
341 g_UserAuthCallbackService->OnResult(result, extraInfo);
342 }
343 IAM_LOGI("end");
344 }
345
FuzzUserAuthCallbackServiceOnAcquireInfo(Parcel & parcel)346 void FuzzUserAuthCallbackServiceOnAcquireInfo(Parcel &parcel)
347 {
348 IAM_LOGI("start");
349 int32_t result = parcel.ReadInt32();
350 int32_t acquireInfo = parcel.ReadInt32();
351 std::vector<uint8_t> attr;
352 Common::FillFuzzUint8Vector(parcel, attr);
353 Attributes extraInfo(attr);
354 if (g_UserAuthCallbackService != nullptr) {
355 g_UserAuthCallbackService->OnAcquireInfo(result, acquireInfo, extraInfo);
356 }
357 IAM_LOGI("end");
358 }
359
FuzzGetPropCallbackServiceOnPropResult(Parcel & parcel)360 void FuzzGetPropCallbackServiceOnPropResult(Parcel &parcel)
361 {
362 IAM_LOGI("start");
363 int32_t result = parcel.ReadInt32();
364 std::vector<uint8_t> attr;
365 Common::FillFuzzUint8Vector(parcel, attr);
366 Attributes extraInfo(attr);
367 if (g_GetPropCallbackService != nullptr) {
368 g_GetPropCallbackService->OnGetExecutorPropertyResult(result, extraInfo);
369 }
370 IAM_LOGI("end");
371 }
372
FuzzSetPropCallbackServiceOnPropResult(Parcel & parcel)373 void FuzzSetPropCallbackServiceOnPropResult(Parcel &parcel)
374 {
375 IAM_LOGI("start");
376 int32_t result = parcel.ReadInt32();
377 if (g_SetPropCallbackService != nullptr) {
378 g_SetPropCallbackService->OnSetExecutorPropertyResult(result);
379 }
380 IAM_LOGI("end");
381 }
382
FuzzSetGlobalConfigParam(Parcel & parcel)383 void FuzzSetGlobalConfigParam(Parcel &parcel)
384 {
385 IAM_LOGI("start");
386 GlobalConfigParam param = {};
387 param.value.pinExpiredPeriod = parcel.ReadUint64();
388 param.type = static_cast<GlobalConfigType>(parcel.ReadInt32());
389 UserAuthClientImpl::Instance().SetGlobalConfigParam(param);
390 IAM_LOGI("end");
391 }
392
393 using FuzzFunc = decltype(FuzzClientGetAvailableStatus);
394 FuzzFunc *g_fuzzFuncs[] = {
395 FuzzClientGetEnrolledState,
396 FuzzClientGetAvailableStatus,
397 FuzzClientGetProperty,
398 FuzzClientSetProperty,
399 FuzzClientBeginAuthentication001,
400 FuzzClientBeginAuthentication002,
401 FuzzClientCancelAuthentication,
402 FuzzClientBeginIdentification,
403 FuzzClientRegistUserAuthSuccessEventListener,
404 FuzzClientUnRegistUserAuthSuccessEventListener,
405 FuzzClientSetGlobalConfigParam,
406 FuzzClientPrepareRemoteAuth,
407 FuzzCancelIdentification,
408 FuzzClientGetVersion,
409 FuzzBeginWidgetAuth,
410 FuzzSetWidgetCallback,
411 FuzzNotice,
412 FuzzUserAuthCallbackServiceOnResult,
413 FuzzUserAuthCallbackServiceOnAcquireInfo,
414 FuzzGetPropCallbackServiceOnPropResult,
415 FuzzSetPropCallbackServiceOnPropResult,
416 FuzzSetGlobalConfigParam,
417 FuzzNapiBeginWidgetAuth,
418 };
419
UserAuthClientFuzzTest(const uint8_t * data,size_t size)420 void UserAuthClientFuzzTest(const uint8_t *data, size_t size)
421 {
422 Parcel parcel;
423 parcel.WriteBuffer(data, size);
424 parcel.RewindRead(0);
425 uint32_t index = parcel.ReadUint32() % (sizeof(g_fuzzFuncs) / sizeof(FuzzFunc *));
426 auto fuzzFunc = g_fuzzFuncs[index];
427 fuzzFunc(parcel);
428 return;
429 }
430 } // namespace
431 } // namespace UserAuth
432 } // namespace UserIam
433 } // namespace OHOS
434
435 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)436 extern "C" int32_t LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
437 {
438 OHOS::UserIam::UserAuth::UserAuthClientFuzzTest(data, size);
439 return 0;
440 }
441