1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "user_idm_client_fuzzer.h"
17
18 #include "parcel.h"
19
20 #include "user_idm_client.h"
21 #include "user_idm_callback_service.h"
22 #include "iam_fuzz_test.h"
23 #include "iam_logger.h"
24 #include "iam_ptr.h"
25
26 #define LOG_TAG "USER_AUTH_SDK"
27
28 namespace OHOS {
29 namespace UserIam {
30 namespace UserAuth {
31 namespace {
32 class DummyUserIdmClientCallback final : public UserIdmClientCallback {
33 public:
OnAcquireInfo(int32_t module,uint32_t acquireInfo,const Attributes & extraInfo)34 void OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo)
35 {
36 IAM_LOGI("start");
37 static_cast<void>(module);
38 static_cast<void>(acquireInfo);
39 static_cast<void>(extraInfo);
40 }
41
OnResult(int32_t result,const Attributes & extraInfo)42 void OnResult(int32_t result, const Attributes &extraInfo)
43 {
44 IAM_LOGI("start");
45 static_cast<void>(result);
46 static_cast<void>(extraInfo);
47 }
48 };
49
50 class DummyGetCredentialInfoCallback final : public GetCredentialInfoCallback {
51 public:
OnCredentialInfo(int32_t result,const std::vector<CredentialInfo> & infoList)52 void OnCredentialInfo(int32_t result, const std::vector<CredentialInfo> &infoList)
53 {
54 IAM_LOGI("start");
55 static_cast<void>(result);
56 static_cast<void>(infoList);
57 }
58 };
59
60 class DummyGetSecUserInfoCallback final : public GetSecUserInfoCallback {
61 public:
OnSecUserInfo(int32_t result,const SecUserInfo & info)62 void OnSecUserInfo(int32_t result, const SecUserInfo &info)
63 {
64 IAM_LOGI("start");
65 static_cast<void>(result);
66 static_cast<void>(info);
67 }
68 };
69
FuzzClientOpenSession(Parcel & parcel)70 void FuzzClientOpenSession(Parcel &parcel)
71 {
72 IAM_LOGI("start");
73 int32_t userId = parcel.ReadInt32();
74 UserIdmClient::GetInstance().OpenSession(userId);
75 IAM_LOGI("end");
76 }
77
FuzzClientCloseSession(Parcel & parcel)78 void FuzzClientCloseSession(Parcel &parcel)
79 {
80 IAM_LOGI("start");
81 int32_t userId = parcel.ReadInt32();
82 UserIdmClient::GetInstance().CloseSession(userId);
83 IAM_LOGI("end");
84 }
85
FuzzClientAddCredential(Parcel & parcel)86 void FuzzClientAddCredential(Parcel &parcel)
87 {
88 IAM_LOGI("start");
89 int32_t userId = parcel.ReadInt32();
90 CredentialParameters para = {};
91 para.authType = static_cast<AuthType>(parcel.ReadInt32());
92 Common::FillFuzzUint8Vector(parcel, para.token);
93 auto callback = Common::MakeShared<DummyUserIdmClientCallback>();
94 UserIdmClient::GetInstance().AddCredential(userId, para, callback);
95 UserIdmClient::GetInstance().AddCredential(userId, para, nullptr);
96 IAM_LOGI("end");
97 }
98
FuzzClientUpdateCredential(Parcel & parcel)99 void FuzzClientUpdateCredential(Parcel &parcel)
100 {
101 IAM_LOGI("start");
102 int32_t userId = parcel.ReadInt32();
103 CredentialParameters para = {};
104 para.authType = static_cast<AuthType>(parcel.ReadInt32());
105 Common::FillFuzzUint8Vector(parcel, para.token);
106 auto callback = Common::MakeShared<DummyUserIdmClientCallback>();
107 UserIdmClient::GetInstance().UpdateCredential(userId, para, callback);
108 UserIdmClient::GetInstance().UpdateCredential(userId, para, nullptr);
109 IAM_LOGI("end");
110 }
111
FuzzClientCancel(Parcel & parcel)112 void FuzzClientCancel(Parcel &parcel)
113 {
114 IAM_LOGI("start");
115 int32_t userId = parcel.ReadInt32();
116 UserIdmClient::GetInstance().Cancel(userId);
117 IAM_LOGI("end");
118 }
119
FuzzClientDeleteCredential(Parcel & parcel)120 void FuzzClientDeleteCredential(Parcel &parcel)
121 {
122 IAM_LOGI("start");
123 int32_t userId = parcel.ReadInt32();
124 uint64_t credentialId = parcel.ReadUint64();
125 std::vector<uint8_t> authToken;
126 Common::FillFuzzUint8Vector(parcel, authToken);
127 auto callback = Common::MakeShared<DummyUserIdmClientCallback>();
128 UserIdmClient::GetInstance().DeleteCredential(userId, credentialId, authToken, callback);
129 UserIdmClient::GetInstance().DeleteCredential(userId, credentialId, authToken, nullptr);
130 IAM_LOGI("end");
131 }
132
FuzzClientDeleteUser(Parcel & parcel)133 void FuzzClientDeleteUser(Parcel &parcel)
134 {
135 IAM_LOGI("start");
136 int32_t userId = parcel.ReadInt32();
137 std::vector<uint8_t> authToken;
138 Common::FillFuzzUint8Vector(parcel, authToken);
139 auto callback = Common::MakeShared<DummyUserIdmClientCallback>();
140 UserIdmClient::GetInstance().DeleteUser(userId, authToken, callback);
141 UserIdmClient::GetInstance().DeleteUser(userId, authToken, nullptr);
142 IAM_LOGI("end");
143 }
144
FuzzClientEraseUser(Parcel & parcel)145 void FuzzClientEraseUser(Parcel &parcel)
146 {
147 IAM_LOGI("start");
148 int32_t userId = parcel.ReadInt32();
149 auto callback = Common::MakeShared<DummyUserIdmClientCallback>();
150 UserIdmClient::GetInstance().EraseUser(userId, callback);
151 UserIdmClient::GetInstance().EraseUser(userId, nullptr);
152 IAM_LOGI("end");
153 }
154
FuzzClientGetCredentialInfo(Parcel & parcel)155 void FuzzClientGetCredentialInfo(Parcel &parcel)
156 {
157 IAM_LOGI("start");
158 int32_t userId = parcel.ReadInt32();
159 auto authType = static_cast<AuthType>(parcel.ReadInt32());
160 auto callback = Common::MakeShared<DummyGetCredentialInfoCallback>();
161 UserIdmClient::GetInstance().GetCredentialInfo(userId, authType, callback);
162 UserIdmClient::GetInstance().GetCredentialInfo(userId, authType, nullptr);
163 IAM_LOGI("end");
164 }
165
FuzzClientGetSecUserInfo(Parcel & parcel)166 void FuzzClientGetSecUserInfo(Parcel &parcel)
167 {
168 IAM_LOGI("start");
169 int32_t userId = parcel.ReadInt32();
170 auto callback = Common::MakeShared<DummyGetSecUserInfoCallback>();
171 UserIdmClient::GetInstance().GetSecUserInfo(userId, callback);
172 UserIdmClient::GetInstance().GetSecUserInfo(userId, nullptr);
173 IAM_LOGI("end");
174 }
175
FuzzClientClearRedundancyCredential(Parcel & parcel)176 void FuzzClientClearRedundancyCredential(Parcel &parcel)
177 {
178 IAM_LOGI("start");
179 auto callback = Common::MakeShared<DummyUserIdmClientCallback>();
180 UserIdmClient::GetInstance().ClearRedundancyCredential(callback);
181 UserIdmClient::GetInstance().ClearRedundancyCredential(nullptr);
182 IAM_LOGI("end");
183 }
184
185 auto g_IdmCallbackService =
186 Common::MakeShared<IdmCallbackService>(Common::MakeShared<DummyUserIdmClientCallback>());
187
188 auto g_IdmGetCredInfoCallbackService =
189 Common::MakeShared<IdmGetCredInfoCallbackService>(Common::MakeShared<DummyGetCredentialInfoCallback>());
190
191 auto g_IdmGetSecureUserInfoCallbackService =
192 Common::MakeShared<IdmGetSecureUserInfoCallbackService>(Common::MakeShared<DummyGetSecUserInfoCallback>());
193
FuzzIdmCallbackServiceOnResult(Parcel & parcel)194 void FuzzIdmCallbackServiceOnResult(Parcel &parcel)
195 {
196 IAM_LOGI("start");
197 int32_t result = parcel.ReadInt32();
198 std::vector<uint8_t> attr;
199 Common::FillFuzzUint8Vector(parcel, attr);
200 Attributes extraInfo(attr);
201 if (g_IdmCallbackService != nullptr) {
202 g_IdmCallbackService->OnResult(result, extraInfo);
203 }
204 IAM_LOGI("end");
205 }
206
FuzzIdmCallbackServiceOnAcquireInfo(Parcel & parcel)207 void FuzzIdmCallbackServiceOnAcquireInfo(Parcel &parcel)
208 {
209 IAM_LOGI("start");
210 int32_t module = parcel.ReadInt32();
211 int32_t acquireInfo = parcel.ReadInt32();
212 std::vector<uint8_t> attr;
213 Common::FillFuzzUint8Vector(parcel, attr);
214 Attributes extraInfo(attr);
215 if (g_IdmCallbackService != nullptr) {
216 g_IdmCallbackService->OnAcquireInfo(module, acquireInfo, extraInfo);
217 }
218 IAM_LOGI("end");
219 }
220
FuzzCallbackServiceOnCredentialInfos(Parcel & parcel)221 void FuzzCallbackServiceOnCredentialInfos(Parcel &parcel)
222 {
223 IAM_LOGI("start");
224 CredentialInfo info = {};
225 info.authType = static_cast<AuthType>(parcel.ReadInt32());
226 info.credentialId = parcel.ReadUint64();
227 info.templateId = parcel.ReadUint64();
228 info.pinType = static_cast<PinSubType>(parcel.ReadInt32());
229 std::vector<CredentialInfo> credInfoList = {info};
230 int32_t result = parcel.ReadInt32();
231 if (g_IdmGetCredInfoCallbackService != nullptr) {
232 g_IdmGetCredInfoCallbackService->OnCredentialInfos(result, credInfoList);
233 }
234 IAM_LOGI("end");
235 }
236
FuzzCallbackServiceOnSecureUserInfo(Parcel & parcel)237 void FuzzCallbackServiceOnSecureUserInfo(Parcel &parcel)
238 {
239 IAM_LOGI("start");
240 SecUserInfo secUserInfo = {};
241 secUserInfo.secureUid = parcel.ReadUint64();
242 EnrolledInfo info = {};
243 info.authType = static_cast<AuthType>(parcel.ReadInt32());
244 info.enrolledId = parcel.ReadUint64();
245 secUserInfo.enrolledInfo = {info};
246 int32_t result = parcel.ReadInt32();
247
248 if (g_IdmGetSecureUserInfoCallbackService != nullptr) {
249 g_IdmGetSecureUserInfoCallbackService->OnSecureUserInfo(result, secUserInfo);
250 }
251 IAM_LOGI("end");
252 }
253
254 using FuzzFunc = decltype(FuzzClientOpenSession);
255 FuzzFunc *g_fuzzFuncs[] = {
256 FuzzClientOpenSession,
257 FuzzClientCloseSession,
258 FuzzClientAddCredential,
259 FuzzClientUpdateCredential,
260 FuzzClientCancel,
261 FuzzClientDeleteCredential,
262 FuzzClientDeleteUser,
263 FuzzClientEraseUser,
264 FuzzClientGetCredentialInfo,
265 FuzzClientGetSecUserInfo,
266 FuzzIdmCallbackServiceOnResult,
267 FuzzIdmCallbackServiceOnAcquireInfo,
268 FuzzCallbackServiceOnCredentialInfos,
269 FuzzCallbackServiceOnSecureUserInfo,
270 FuzzClientClearRedundancyCredential,
271 };
272
UserIdmClientFuzzTest(const uint8_t * data,size_t size)273 void UserIdmClientFuzzTest(const uint8_t *data, size_t size)
274 {
275 Parcel parcel;
276 parcel.WriteBuffer(data, size);
277 parcel.RewindRead(0);
278 uint32_t index = parcel.ReadUint32() % (sizeof(g_fuzzFuncs) / sizeof(FuzzFunc *));
279 auto fuzzFunc = g_fuzzFuncs[index];
280 fuzzFunc(parcel);
281 return;
282 }
283 } // namespace
284 } // namespace UserAuth
285 } // namespace UserIam
286 } // namespace OHOS
287
288 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)289 extern "C" int32_t LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
290 {
291 OHOS::UserIam::UserAuth::UserIdmClientFuzzTest(data, size);
292 return 0;
293 }
294