1 /*
2 * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "user_auth_service_fuzzer.h"
17
18 #include <cinttypes>
19 #include <cstddef>
20 #include <cstdint>
21
22 #include "parcel.h"
23
24 #include "iam_fuzz_test.h"
25 #include "iam_logger.h"
26 #include "user_auth_service.h"
27 #include "user_auth_common_defines.h"
28 #include "user_auth_event_listener_stub.h"
29 #include "dummy_iam_callback_interface.h"
30
31 #undef private
32
33 #ifdef LOG_LABEL
34 #undef LOG_LABEL
35 #endif
36 #define LOG_TAG "USER_AUTH_SA"
37
38 using namespace std;
39 using namespace OHOS::UserIam::Common;
40 using namespace OHOS::UserIam::UserAuth;
41
42 namespace OHOS {
43 namespace UserIam {
44 namespace UserAuth {
45 namespace {
46 class DummyUserAuthCallback : public UserAuthCallbackInterface {
47 public:
48 ~DummyUserAuthCallback() override = default;
49
OnAcquireInfo(int32_t module,int32_t acquireInfo,const Attributes & extraInfo)50 void OnAcquireInfo(int32_t module, int32_t acquireInfo, const Attributes &extraInfo) override
51 {
52 IAM_LOGI("start");
53 static_cast<void>(module);
54 static_cast<void>(acquireInfo);
55 static_cast<void>(extraInfo);
56 return;
57 }
58
OnResult(int32_t result,const Attributes & extraInfo)59 void OnResult(int32_t result, const Attributes &extraInfo) override
60 {
61 IAM_LOGI("start");
62 static_cast<void>(result);
63 static_cast<void>(extraInfo);
64 return;
65 }
66
AsObject()67 sptr<IRemoteObject> AsObject() override
68 {
69 sptr<IRemoteObject> tmp(nullptr);
70 return tmp;
71 }
72 };
73
74 class DummyGetExecutorPropertyCallback : public GetExecutorPropertyCallbackInterface {
75 public:
76 ~DummyGetExecutorPropertyCallback() override = default;
77
OnGetExecutorPropertyResult(int32_t result,const Attributes & attributes)78 void OnGetExecutorPropertyResult(int32_t result, const Attributes &attributes) override
79 {
80 IAM_LOGI("start");
81 return;
82 }
83
AsObject()84 sptr<IRemoteObject> AsObject() override
85 {
86 sptr<IRemoteObject> tmp(nullptr);
87 return tmp;
88 }
89 };
90
91 class DummySetExecutorPropertyCallback : public SetExecutorPropertyCallbackInterface {
92 public:
93 ~DummySetExecutorPropertyCallback() override = default;
94
OnSetExecutorPropertyResult(int32_t result)95 void OnSetExecutorPropertyResult(int32_t result) override
96 {
97 IAM_LOGI("start");
98 return;
99 }
100
AsObject()101 sptr<IRemoteObject> AsObject() override
102 {
103 sptr<IRemoteObject> tmp(nullptr);
104 return tmp;
105 }
106 };
107
108 class DummyWidgetCallback : public WidgetCallbackInterface {
109 public:
SendCommand(const std::string & cmdData)110 void SendCommand(const std::string &cmdData) override
111 {
112 IAM_LOGI("start");
113 }
114
AsObject()115 sptr<IRemoteObject> AsObject() override
116 {
117 sptr<IRemoteObject> tmp(nullptr);
118 return tmp;
119 }
120 };
121
122 class DummyAuthEventListener : public AuthEventListenerInterface {
123 public:
124 ~DummyAuthEventListener() override = default;
125
AsObject()126 sptr<IRemoteObject> AsObject() override
127 {
128 sptr<IRemoteObject> tmp(nullptr);
129 return tmp;
130 }
131
OnNotifyAuthSuccessEvent(int32_t userId,AuthType authType,int32_t callerType,std::string & callerName)132 void OnNotifyAuthSuccessEvent(int32_t userId, AuthType authType, int32_t callerType,
133 std::string &callerName) override
134 {
135 IAM_LOGI("notify: userId: %{public}d, authType: %{public}d, callerName: %{public}s,"
136 "callerType: %{public}d", userId, static_cast<int32_t>(authType), callerName.c_str(), callerType);
137 }
138 };
139
140 class DummyVerifyTokenCallback : public VerifyTokenCallbackInterface {
141 public:
142 ~DummyVerifyTokenCallback() override = default;
143
OnVerifyTokenResult(int32_t result,const Attributes & attributes)144 void OnVerifyTokenResult(int32_t result, const Attributes &attributes) override
145 {
146 IAM_LOGI("start");
147 return;
148 }
149
AsObject()150 sptr<IRemoteObject> AsObject() override
151 {
152 sptr<IRemoteObject> tmp(nullptr);
153 return tmp;
154 }
155 };
156
157 UserAuthService g_userAuthService;
158
FuzzGetEnrolledState(Parcel & parcel)159 void FuzzGetEnrolledState(Parcel &parcel)
160 {
161 IAM_LOGI("begin");
162 int32_t apiVersion = parcel.ReadInt32();
163 AuthType authType = static_cast<AuthType>(parcel.ReadInt32());
164 EnrolledState enrolledState = {};
165 g_userAuthService.GetEnrolledState(apiVersion, authType, enrolledState);
166 IAM_LOGI("end");
167 }
168
FuzzGetAvailableStatusOtherScene(Parcel & parcel)169 void FuzzGetAvailableStatusOtherScene(Parcel &parcel)
170 {
171 IAM_LOGI("begin");
172 int32_t apiVersion = 8;
173 int32_t pin = 1;
174 AuthType authType = static_cast<AuthType>(pin);
175 AuthTrustLevel authTrustLevel = static_cast<AuthTrustLevel>(parcel.ReadInt32());
176 int32_t userId = parcel.ReadInt32();
177 g_userAuthService.GetAvailableStatus(apiVersion, userId, authType, authTrustLevel);
178 IAM_LOGI("end");
179 }
180
FuzzGetAvailableStatus(Parcel & parcel)181 void FuzzGetAvailableStatus(Parcel &parcel)
182 {
183 IAM_LOGI("begin");
184 int32_t apiVersion = parcel.ReadInt32();
185 AuthType authType = static_cast<AuthType>(parcel.ReadInt32());
186 AuthTrustLevel authTrustLevel = static_cast<AuthTrustLevel>(parcel.ReadInt32());
187 int32_t userId = parcel.ReadInt32();
188 g_userAuthService.GetAvailableStatus(apiVersion, userId, authType, authTrustLevel);
189 FuzzGetAvailableStatusOtherScene(parcel);
190 IAM_LOGI("end");
191 }
192
FuzzGetProperty(Parcel & parcel)193 void FuzzGetProperty(Parcel &parcel)
194 {
195 IAM_LOGI("begin");
196 constexpr uint32_t maxDataLen = 50;
197 int32_t userId = parcel.ReadInt32();
198 AuthType authType = static_cast<AuthType>(parcel.ReadInt32());
199 std::vector<Attributes::AttributeKey> keys;
200 uint32_t keysLen = parcel.ReadUint32() % maxDataLen;
201 keys.reserve(keysLen);
202 for (uint32_t i = 0; i < keysLen; i++) {
203 keys.emplace_back(static_cast<Attributes::AttributeKey>(parcel.ReadInt32()));
204 }
205
206 sptr<GetExecutorPropertyCallbackInterface> callback(nullptr);
207 if (parcel.ReadBool()) {
208 callback = sptr<GetExecutorPropertyCallbackInterface>(new (std::nothrow) DummyGetExecutorPropertyCallback());
209 }
210 g_userAuthService.GetProperty(userId, authType, keys, callback);
211 IAM_LOGI("end");
212 }
213
FuzzSetProperty(Parcel & parcel)214 void FuzzSetProperty(Parcel &parcel)
215 {
216 IAM_LOGI("begin");
217 int32_t userId = parcel.ReadInt32();
218 AuthType authType = static_cast<AuthType>(parcel.ReadInt32());
219 vector<uint8_t> attributesRaw;
220 FillFuzzUint8Vector(parcel, attributesRaw);
221 Attributes attributes(attributesRaw);
222 sptr<SetExecutorPropertyCallbackInterface> callback(nullptr);
223 if (parcel.ReadBool()) {
224 callback = sptr<SetExecutorPropertyCallbackInterface>(new (nothrow) DummySetExecutorPropertyCallback());
225 }
226
227 g_userAuthService.SetProperty(userId, authType, attributes, callback);
228 IAM_LOGI("end");
229 }
230
FuzzAuth(Parcel & parcel)231 void FuzzAuth(Parcel &parcel)
232 {
233 IAM_LOGI("begin");
234 int32_t apiVersion = parcel.ReadInt32();
235 std::vector<uint8_t> challenge;
236 FillFuzzUint8Vector(parcel, challenge);
237 AuthType authType = static_cast<AuthType>(parcel.ReadInt32());
238 AuthTrustLevel authTrustLevel = static_cast<AuthTrustLevel>(parcel.ReadInt32());
239 sptr<UserAuthCallbackInterface> callback(nullptr);
240 if (parcel.ReadBool()) {
241 callback = sptr<UserAuthCallbackInterface>(new (std::nothrow) DummyUserAuthCallback());
242 }
243 g_userAuthService.Auth(apiVersion, challenge, authType, authTrustLevel, callback);
244 IAM_LOGI("end");
245 }
246
FuzzAuthUser(Parcel & parcel)247 void FuzzAuthUser(Parcel &parcel)
248 {
249 IAM_LOGI("begin");
250 std::vector<uint8_t> challenge;
251 FillFuzzUint8Vector(parcel, challenge);
252 sptr<UserAuthCallbackInterface> callback(nullptr);
253 if (parcel.ReadBool()) {
254 callback = sptr<UserAuthCallbackInterface>(new (nothrow) DummyUserAuthCallback());
255 }
256 AuthParamInner param = {
257 .userId = parcel.ReadInt32(),
258 .challenge = challenge,
259 .authType = static_cast<AuthType>(parcel.ReadInt32()),
260 .authTrustLevel = static_cast<AuthTrustLevel>(parcel.ReadInt32()),
261 };
262 std::optional<RemoteAuthParam> remoteAuthParam = std::nullopt;
263 g_userAuthService.AuthUser(param, remoteAuthParam, callback);
264 IAM_LOGI("end");
265 }
266
FuzzIdentify(Parcel & parcel)267 void FuzzIdentify(Parcel &parcel)
268 {
269 IAM_LOGI("begin");
270 std::vector<uint8_t> challenge;
271 FillFuzzUint8Vector(parcel, challenge);
272 AuthType authType = static_cast<AuthType>(parcel.ReadInt32());
273 sptr<UserAuthCallbackInterface> callback(nullptr);
274 if (parcel.ReadBool()) {
275 callback = sptr<UserAuthCallbackInterface>(new (nothrow) DummyUserAuthCallback());
276 }
277 g_userAuthService.Identify(challenge, authType, callback);
278 IAM_LOGI("end");
279 }
280
FuzzCancelAuthOrIdentify(Parcel & parcel)281 void FuzzCancelAuthOrIdentify(Parcel &parcel)
282 {
283 IAM_LOGI("begin");
284 uint64_t contextId = parcel.ReadUint64();
285 int32_t cancelReason = parcel.ReadInt32();
286 g_userAuthService.CancelAuthOrIdentify(contextId, cancelReason);
287 IAM_LOGI("end");
288 }
289
FuzzGetVersion(Parcel & parcel)290 void FuzzGetVersion(Parcel &parcel)
291 {
292 IAM_LOGI("begin");
293 int32_t version = -1;
294 g_userAuthService.GetVersion(version);
295 IAM_LOGI("end");
296 }
297
FuzzAuthWidget(Parcel & parcel)298 void FuzzAuthWidget(Parcel &parcel)
299 {
300 IAM_LOGI("begin");
301 int32_t apiVersion = parcel.ReadInt32();
302 AuthParamInner authParam;
303 WidgetParamInner widgetParam;
304 FillFuzzUint8Vector(parcel, authParam.challenge);
305 std::vector<int32_t> atList;
306 parcel.ReadInt32Vector(&atList);
307 for (auto at : atList) {
308 authParam.authTypes.push_back(static_cast<AuthType>(at));
309 }
310 authParam.authTrustLevel = static_cast<AuthTrustLevel>(parcel.ReadInt32());
311 sptr<UserAuthCallbackInterface> callback(nullptr);
312 widgetParam.title = parcel.ReadString();
313 widgetParam.navigationButtonText = parcel.ReadString();
314 widgetParam.windowMode = static_cast<WindowModeType>(parcel.ReadInt32());
315 if (parcel.ReadBool()) {
316 callback = sptr<UserAuthCallbackInterface>(new (std::nothrow) DummyUserAuthCallback());
317 }
318 sptr<ModalCallbackInterface> testModalCallback(nullptr);
319 g_userAuthService.AuthWidget(apiVersion, authParam, widgetParam, callback, testModalCallback);
320 IAM_LOGI("end");
321 }
322
FuzzNotice(Parcel & parcel)323 void FuzzNotice(Parcel &parcel)
324 {
325 IAM_LOGI("begin");
326 NoticeType noticeType = static_cast<NoticeType>(parcel.ReadInt32());
327 std::string eventData = parcel.ReadString();
328 g_userAuthService.Notice(noticeType, eventData);
329 IAM_LOGI("end");
330 }
331
FuzzRegisterWidgetCallback(Parcel & parcel)332 void FuzzRegisterWidgetCallback(Parcel &parcel)
333 {
334 IAM_LOGI("begin");
335 int32_t version = parcel.ReadInt32();
336 sptr<WidgetCallbackInterface> callback(nullptr);
337 if (parcel.ReadBool()) {
338 callback = sptr<WidgetCallbackInterface>(new (std::nothrow) DummyWidgetCallback());
339 }
340 g_userAuthService.RegisterWidgetCallback(version, callback);
341 IAM_LOGI("end");
342 }
343
FuzzRegistUserAuthSuccessEventListener(Parcel & parcel)344 void FuzzRegistUserAuthSuccessEventListener(Parcel &parcel)
345 {
346 IAM_LOGI("begin");
347 std::vector<int32_t> authType;
348 std::vector<AuthType> authTypeList;
349 parcel.ReadInt32Vector(&authType);
350 for (const auto &iter : authType) {
351 authTypeList.push_back(static_cast<AuthType>(iter));
352 }
353
354 sptr<AuthEventListenerInterface> callback(nullptr);
355 if (parcel.ReadBool()) {
356 callback = sptr<AuthEventListenerInterface>(new (std::nothrow) DummyAuthEventListener());
357 }
358
359 g_userAuthService.RegistUserAuthSuccessEventListener(authTypeList, callback);
360 g_userAuthService.UnRegistUserAuthSuccessEventListener(callback);
361 IAM_LOGI("end");
362 }
363
FuzzSetGlobalConfigParam(Parcel & parcel)364 void FuzzSetGlobalConfigParam(Parcel &parcel)
365 {
366 IAM_LOGI("start");
367 GlobalConfigParam param = {};
368 param.value.pinExpiredPeriod = parcel.ReadUint64();
369 param.type = static_cast<GlobalConfigType>(parcel.ReadInt32());
370 g_userAuthService.SetGlobalConfigParam(param);
371 IAM_LOGI("end");
372 }
373
FuzzPrepareRemoteAuth(Parcel & parcel)374 void FuzzPrepareRemoteAuth(Parcel &parcel)
375 {
376 IAM_LOGI("begin");
377 std::string networkId = parcel.ReadString();
378 sptr<UserAuthCallbackInterface> callback(nullptr);
379 if (parcel.ReadBool()) {
380 callback = sptr<UserAuthCallbackInterface>(new (nothrow) DummyUserAuthCallback());
381 }
382 g_userAuthService.PrepareRemoteAuth(networkId, callback);
383 IAM_LOGI("end");
384 }
385
FuzzCheckValidSolution(Parcel & parcel)386 void FuzzCheckValidSolution(Parcel &parcel)
387 {
388 IAM_LOGI("begin");
389 int32_t userId = parcel.ReadInt32();
390 std::vector<uint8_t> challenge;
391 FillFuzzUint8Vector(parcel, challenge);
392 AuthParamInner authParam = {
393 .userId = parcel.ReadInt32(),
394 .challenge = challenge,
395 .authType = static_cast<AuthType>(parcel.ReadInt32()),
396 .authTrustLevel = static_cast<AuthTrustLevel>(parcel.ReadInt32()),
397 };
398 WidgetParamInner widgetParam;
399 widgetParam.title = parcel.ReadString();
400 widgetParam.navigationButtonText = parcel.ReadString();
401 widgetParam.windowMode = static_cast<WindowModeType>(parcel.ReadInt32());
402 std::vector<int32_t> authType;
403 std::vector<AuthType> validType;
404 parcel.ReadInt32Vector(&authType);
405 for (const auto &iter : authType) {
406 validType.push_back(static_cast<AuthType>(iter));
407 }
408 g_userAuthService.CheckValidSolution(userId, authParam, widgetParam, validType);
409 IAM_LOGI("end");
410 }
411
412
FuzzCompleteRemoteAuthParam(Parcel & parcel)413 void FuzzCompleteRemoteAuthParam(Parcel &parcel)
414 {
415 IAM_LOGI("begin");
416 RemoteAuthParam remoteAuthParam = {};
417 std::string localNetworkId = "1234567890123456789012345678901234567890123456789012345678901234";
418 remoteAuthParam.verifierNetworkId = std::nullopt;
419 g_userAuthService.CompleteRemoteAuthParam(remoteAuthParam, localNetworkId);
420 remoteAuthParam.verifierNetworkId = "123";
421 remoteAuthParam.collectorNetworkId = "1234123456789012345678901234567890123456789012345678901234567890";
422 g_userAuthService.CompleteRemoteAuthParam(remoteAuthParam, localNetworkId);
423 remoteAuthParam.verifierNetworkId = localNetworkId;
424 g_userAuthService.CompleteRemoteAuthParam(remoteAuthParam, localNetworkId);
425 IAM_LOGI("end");
426 }
427
FuzzGetAuthContextCallback(Parcel & parcel)428 void FuzzGetAuthContextCallback(Parcel &parcel)
429 {
430 IAM_LOGI("begin");
431 int32_t apiVersion = parcel.ReadInt32();
432 AuthParamInner authParam = {};
433 WidgetParamInner widgetParam = {};
434 sptr<UserAuthCallbackInterface> callback = sptr<UserAuthCallbackInterface>(new (nothrow) DummyUserAuthCallback);
435 g_userAuthService.GetAuthContextCallback(apiVersion, authParam, widgetParam, callback);
436 authParam.authTypes = {PIN, FACE, FINGERPRINT};
437 ReuseUnlockResult reuseUnlockResult = {};
438 reuseUnlockResult.isReuse = true;
439 authParam.reuseUnlockResult = reuseUnlockResult;
440 g_userAuthService.GetAuthContextCallback(apiVersion, authParam, widgetParam, callback);
441 IAM_LOGI("end");
442 }
443
FuzzInsert2ContextPool(Parcel & parcel)444 void FuzzInsert2ContextPool(Parcel &parcel)
445 {
446 IAM_LOGI("begin");
447 ContextFactory::AuthWidgetContextPara para = {};
448 auto context = ContextFactory::CreateWidgetContext(para, nullptr);
449 g_userAuthService.Insert2ContextPool(context);
450 IAM_LOGI("end");
451 }
452
FuzzCheckAuthWidgetType(Parcel & parcel)453 void FuzzCheckAuthWidgetType(Parcel &parcel)
454 {
455 IAM_LOGI("begin");
456 std::vector<AuthType> authType = {PIN, FACE, FINGERPRINT};
457 g_userAuthService.CheckAuthWidgetType(authType);
458 authType = {PIN, FACE, FINGERPRINT, RECOVERY_KEY};
459 g_userAuthService.CheckAuthWidgetType(authType);
460 IAM_LOGI("end");
461 }
462
FuzzCheckSingeFaceOrFinger(Parcel & parcel)463 void FuzzCheckSingeFaceOrFinger(Parcel &parcel)
464 {
465 IAM_LOGI("begin");
466 std::vector<AuthType> authType = {PIN, FACE, FINGERPRINT};
467 g_userAuthService.CheckSingeFaceOrFinger(authType);
468 authType = {PIN};
469 g_userAuthService.CheckSingeFaceOrFinger(authType);
470 authType = {FACE};
471 g_userAuthService.CheckSingeFaceOrFinger(authType);
472 authType = {FINGERPRINT};
473 g_userAuthService.CheckSingeFaceOrFinger(authType);
474 IAM_LOGI("end");
475 }
476
FuzzAuthRemoteUser(Parcel & parcel)477 void FuzzAuthRemoteUser(Parcel &parcel)
478 {
479 IAM_LOGI("begin");
480 std::vector<uint8_t> challenge;
481 FillFuzzUint8Vector(parcel, challenge);
482 AuthParamInner authParam = {
483 .userId = INVALID_USER_ID,
484 .challenge = challenge,
485 .authType = static_cast<AuthType>(parcel.ReadInt32()),
486 .authTrustLevel = static_cast<AuthTrustLevel>(parcel.ReadInt32()),
487 };
488 Authentication::AuthenticationPara para = {};
489 RemoteAuthParam remoteAuthParam = {};
490 sptr<IamCallbackInterface> iamCallback = sptr<IamCallbackInterface>(new (nothrow) DummyIamCallbackInterface);
491 std::shared_ptr<ContextCallback> contextCallback = ContextCallback::NewInstance(iamCallback, TRACE_ADD_CREDENTIAL);
492 ResultCode failReason = SUCCESS;
493 g_userAuthService.AuthRemoteUser(authParam, para, remoteAuthParam, contextCallback, failReason);
494 authParam.authType = PIN;
495 g_userAuthService.AuthRemoteUser(authParam, para, remoteAuthParam, contextCallback, failReason);
496 IAM_LOGI("end");
497 }
498
FuzzFillGetPropertyValue(Parcel & parcel)499 void FuzzFillGetPropertyValue(Parcel &parcel)
500 {
501 IAM_LOGI("begin");
502 AuthType authType = PIN;
503 std::vector<Attributes::AttributeKey> keys = {Attributes::ATTR_NEXT_FAIL_LOCKOUT_DURATION};
504 Attributes *values = new Attributes();
505 g_userAuthService.FillGetPropertyValue(authType, keys, *values);
506 authType = FACE;
507 g_userAuthService.FillGetPropertyValue(authType, keys, *values);
508 IAM_LOGI("end");
509 }
510
FuzzFillGetPropertyKeys(Parcel & parcel)511 void FuzzFillGetPropertyKeys(Parcel &parcel)
512 {
513 IAM_LOGI("begin");
514 AuthType authType = PIN;
515 std::vector<Attributes::AttributeKey> keys = {Attributes::ATTR_NEXT_FAIL_LOCKOUT_DURATION};
516 std::vector<uint32_t> uint32Keys = {parcel.ReadInt32(), parcel.ReadInt32()};
517 g_userAuthService.FillGetPropertyKeys(authType, keys, uint32Keys);
518 authType = FACE;
519 g_userAuthService.FillGetPropertyKeys(authType, keys, uint32Keys);
520 IAM_LOGI("end");
521 }
522
FuzzStartWidgetContext(Parcel & parcel)523 void FuzzStartWidgetContext(Parcel &parcel)
524 {
525 IAM_LOGI("begin");
526 sptr<IamCallbackInterface> iamCallback = sptr<IamCallbackInterface>(new (nothrow) DummyIamCallbackInterface);
527 std::shared_ptr<ContextCallback> contextCallback = ContextCallback::NewInstance(iamCallback, TRACE_ADD_CREDENTIAL);
528 AuthParamInner authParam = {};
529 WidgetParamInner widgetParam = {};
530 std::vector<AuthType> validType = {PIN};
531 ContextFactory::AuthWidgetContextPara para;
532 g_userAuthService.StartWidgetContext(contextCallback, authParam, widgetParam, validType, para);
533 IAM_LOGI("end");
534 }
535
FuzzStartRemoteAuthInvokerContext(Parcel & parcel)536 void FuzzStartRemoteAuthInvokerContext(Parcel &parcel)
537 {
538 IAM_LOGI("begin");
539 AuthParamInner authParam = {};
540 RemoteAuthInvokerContextParam param = {};
541 sptr<IamCallbackInterface> iamCallback = sptr<IamCallbackInterface>(new (nothrow) DummyIamCallbackInterface);
542 std::shared_ptr<ContextCallback> contextCallback = ContextCallback::NewInstance(iamCallback, TRACE_ADD_CREDENTIAL);
543 g_userAuthService.StartRemoteAuthInvokerContext(authParam, param, contextCallback);
544 IAM_LOGI("end");
545 }
546
FuzzStartAuthContext(Parcel & parcel)547 void FuzzStartAuthContext(Parcel &parcel)
548 {
549 IAM_LOGI("begin");
550 int32_t apiVersion = parcel.ReadInt32();
551 Authentication::AuthenticationPara para;
552 sptr<IamCallbackInterface> iamCallback = sptr<IamCallbackInterface>(new (nothrow) DummyIamCallbackInterface);
553 std::shared_ptr<ContextCallback> contextCallback = ContextCallback::NewInstance(iamCallback, TRACE_ADD_CREDENTIAL);
554 g_userAuthService.StartAuthContext(apiVersion, para, contextCallback, true);
555 IAM_LOGI("end");
556 }
557
FuzzGetPropertyById(Parcel & parcel)558 void FuzzGetPropertyById(Parcel &parcel)
559 {
560 IAM_LOGI("begin");
561 constexpr uint32_t maxDataLen = 50;
562 uint64_t credentialId = parcel.ReadUint64();
563 std::vector<Attributes::AttributeKey> keys;
564 uint32_t keysLen = parcel.ReadUint32() % maxDataLen;
565 keys.reserve(keysLen);
566 for (uint32_t i = 0; i < keysLen; i++) {
567 keys.emplace_back(static_cast<Attributes::AttributeKey>(parcel.ReadInt32()));
568 }
569
570 sptr<GetExecutorPropertyCallbackInterface> callback(nullptr);
571 if (parcel.ReadBool()) {
572 callback = sptr<GetExecutorPropertyCallbackInterface>(new (std::nothrow) DummyGetExecutorPropertyCallback());
573 }
574 g_userAuthService.GetPropertyById(credentialId, keys, callback);
575 IAM_LOGI("end");
576 }
577
FuzzVerifyAuthToken(Parcel & parcel)578 void FuzzVerifyAuthToken(Parcel &parcel)
579 {
580 IAM_LOGI("begin");
581 uint64_t allowableDuration = parcel.ReadUint64();
582 std::vector<uint8_t> tokenIn = {};
583 Common::FillFuzzUint8Vector(parcel, tokenIn);
584 sptr<VerifyTokenCallbackInterface> callback(nullptr);
585 if (parcel.ReadBool()) {
586 callback = sptr<VerifyTokenCallbackInterface>(new (std::nothrow) DummyVerifyTokenCallback());
587 }
588 g_userAuthService.VerifyAuthToken(tokenIn, allowableDuration, callback);
589 IAM_LOGI("end");
590 }
591
592 using FuzzFunc = decltype(FuzzGetAvailableStatus);
593 FuzzFunc *g_fuzzFuncs[] = {
594 FuzzGetEnrolledState,
595 FuzzGetAvailableStatus,
596 FuzzGetProperty,
597 FuzzSetProperty,
598 FuzzAuth,
599 FuzzAuthUser,
600 FuzzIdentify,
601 FuzzCancelAuthOrIdentify,
602 FuzzGetVersion,
603 FuzzAuthWidget,
604 FuzzNotice,
605 FuzzRegisterWidgetCallback,
606 FuzzRegistUserAuthSuccessEventListener,
607 FuzzSetGlobalConfigParam,
608 FuzzPrepareRemoteAuth,
609 FuzzCheckValidSolution,
610 FuzzCompleteRemoteAuthParam,
611 FuzzGetAuthContextCallback,
612 FuzzInsert2ContextPool,
613 FuzzCheckAuthWidgetType,
614 FuzzCheckSingeFaceOrFinger,
615 FuzzAuthRemoteUser,
616 FuzzFillGetPropertyValue,
617 FuzzFillGetPropertyKeys,
618 FuzzStartWidgetContext,
619 FuzzStartRemoteAuthInvokerContext,
620 FuzzStartAuthContext,
621 FuzzGetPropertyById,
622 FuzzVerifyAuthToken,
623 };
624
UserAuthFuzzTest(const uint8_t * data,size_t size)625 void UserAuthFuzzTest(const uint8_t *data, size_t size)
626 {
627 Parcel parcel;
628 parcel.WriteBuffer(data, size);
629 parcel.RewindRead(0);
630 uint32_t index = parcel.ReadUint32() % (sizeof(g_fuzzFuncs)) / sizeof(FuzzFunc *);
631 auto fuzzFunc = g_fuzzFuncs[index];
632 fuzzFunc(parcel);
633 return;
634 }
635 } // namespace
636 } // namespace UserAuth
637 } // namespace UserIam
638 } // namespace OHOS
639
640 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)641 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
642 {
643 OHOS::UserIam::UserAuth::UserAuthFuzzTest(data, size);
644 return 0;
645 }
646