1 /*
2 * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "user_auth_client_fuzzer.h"
17
18 #include "parcel.h"
19
20 #include "iam_fuzz_test.h"
21 #include "iam_logger.h"
22 #include "iam_ptr.h"
23
24 #include "modal_callback_service.h"
25 #include "user_auth_client_impl.h"
26 #include "user_auth_callback_service.h"
27 #include "user_auth_modal_inner_callback.h"
28 #include "user_auth_napi_client_impl.h"
29
30 #define LOG_TAG "USER_AUTH_SDK"
31
32 namespace OHOS {
33 namespace UserIam {
34 namespace UserAuth {
35 namespace {
36 class DummyGetPropCallback final : public GetPropCallback {
37 public:
OnResult(int32_t result,const Attributes & extraInfo)38 void OnResult(int32_t result, const Attributes &extraInfo)
39 {
40 IAM_LOGI("start");
41 static_cast<void>(result);
42 static_cast<void>(extraInfo);
43 }
44 };
45
46 class DummySetPropCallback final : public SetPropCallback {
47 public:
OnResult(int32_t result,const Attributes & extraInfo)48 void OnResult(int32_t result, const Attributes &extraInfo)
49 {
50 IAM_LOGI("start");
51 static_cast<void>(result);
52 static_cast<void>(extraInfo);
53 }
54 };
55
56 class DummyAuthenticationCallback final : public AuthenticationCallback {
57 public:
OnAcquireInfo(int32_t module,uint32_t acquireInfo,const Attributes & extraInfo)58 void OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo)
59 {
60 IAM_LOGI("start");
61 static_cast<void>(module);
62 static_cast<void>(acquireInfo);
63 static_cast<void>(extraInfo);
64 }
65
OnResult(int32_t result,const Attributes & extraInfo)66 void OnResult(int32_t result, const Attributes &extraInfo)
67 {
68 IAM_LOGI("start");
69 static_cast<void>(result);
70 static_cast<void>(extraInfo);
71 }
72 };
73
74 class DummyIdentificationCallback final : public IdentificationCallback {
75 public:
OnAcquireInfo(int32_t module,uint32_t acquireInfo,const Attributes & extraInfo)76 void OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo)
77 {
78 IAM_LOGI("start");
79 static_cast<void>(module);
80 static_cast<void>(acquireInfo);
81 static_cast<void>(extraInfo);
82 }
83
OnResult(int32_t result,const Attributes & extraInfo)84 void OnResult(int32_t result, const Attributes &extraInfo)
85 {
86 IAM_LOGI("start");
87 static_cast<void>(result);
88 static_cast<void>(extraInfo);
89 }
90 };
91
92 class DummyPrepareRemoteAuthCallback final : public PrepareRemoteAuthCallback {
93 public:
OnResult(int32_t result)94 void OnResult(int32_t result)
95 {
96 IAM_LOGI("start");
97 static_cast<void>(result);
98 }
99 };
100
101 class DummyIUserAuthWidgetCallback final : public IUserAuthWidgetCallback {
102 public:
SendCommand(const std::string & cmdData)103 void SendCommand(const std::string &cmdData)
104 {
105 IAM_LOGI("start");
106 static_cast<void>(cmdData);
107 }
108 };
109
110 class DummyAuthSuccessEventListener final : public AuthSuccessEventListener {
111 public:
OnNotifyAuthSuccessEvent(int32_t userId,AuthType authType,int32_t callerType,const std::string & callerName)112 void OnNotifyAuthSuccessEvent(int32_t userId, AuthType authType, int32_t callerType, const std::string &callerName)
113 {
114 IAM_LOGI("start");
115 static_cast<void>(userId);
116 static_cast<void>(authType);
117 static_cast<void>(callerType);
118 static_cast<void>(callerName);
119 }
120 };
121
FuzzClientGetEnrolledState(Parcel & parcel)122 void FuzzClientGetEnrolledState(Parcel &parcel)
123 {
124 IAM_LOGI("start");
125 auto apiVersion = parcel.ReadInt32();
126 auto authType = static_cast<AuthType>(parcel.ReadInt32());
127 EnrolledState enrolledState = {};
128 UserAuthClientImpl::Instance().GetEnrolledState(apiVersion, authType, enrolledState);
129 IAM_LOGI("end");
130 }
131
FuzzClientGetAvailableStatus(Parcel & parcel)132 void FuzzClientGetAvailableStatus(Parcel &parcel)
133 {
134 IAM_LOGI("start");
135 auto authType = static_cast<AuthType>(parcel.ReadInt32());
136 auto atl = static_cast<AuthTrustLevel>(parcel.ReadUint32());
137 auto userId = static_cast<AuthTrustLevel>(parcel.ReadInt32());
138 auto apiVersion = static_cast<AuthTrustLevel>(parcel.ReadInt32());
139 UserAuthClientImpl::Instance().GetAvailableStatus(userId, authType, atl);
140 UserAuthClientImpl::Instance().GetNorthAvailableStatus(apiVersion, authType, atl);
141 UserAuthClientImpl::Instance().GetAvailableStatus(authType, atl);
142 IAM_LOGI("end");
143 }
144
FuzzClientGetProperty(Parcel & parcel)145 void FuzzClientGetProperty(Parcel &parcel)
146 {
147 IAM_LOGI("start");
148 int32_t userId = parcel.ReadInt32();
149 GetPropertyRequest request = {};
150 request.authType = static_cast<AuthType>(parcel.ReadInt32());
151 request.keys.push_back(static_cast<Attributes::AttributeKey>(parcel.ReadUint32()));
152 auto callback = Common::MakeShared<DummyGetPropCallback>();
153 UserAuthClient::GetInstance().GetProperty(userId, request, callback);
154 UserAuthClient::GetInstance().GetProperty(userId, request, nullptr);
155 IAM_LOGI("end");
156 }
157
FuzzClientSetProperty(Parcel & parcel)158 void FuzzClientSetProperty(Parcel &parcel)
159 {
160 IAM_LOGI("start");
161 int32_t userId = parcel.ReadInt32();
162 SetPropertyRequest request = {};
163 request.authType = static_cast<AuthType>(parcel.ReadInt32());
164 request.mode = static_cast<PropertyMode>(parcel.ReadUint32());
165 auto callback = Common::MakeShared<DummySetPropCallback>();
166 UserAuthClient::GetInstance().SetProperty(userId, request, callback);
167 UserAuthClient::GetInstance().SetProperty(userId, request, nullptr);
168 IAM_LOGI("end");
169 }
170
FuzzClientBeginAuthentication001(Parcel & parcel)171 void FuzzClientBeginAuthentication001(Parcel &parcel)
172 {
173 IAM_LOGI("start");
174 AuthParam authParam = {};
175 authParam.userId = parcel.ReadInt32();
176 Common::FillFuzzUint8Vector(parcel, authParam.challenge);
177 authParam.authType = static_cast<AuthType>(parcel.ReadInt32());
178 authParam.authTrustLevel = static_cast<AuthTrustLevel>(parcel.ReadUint32());
179 auto callback = Common::MakeShared<DummyAuthenticationCallback>();
180 UserAuthClient::GetInstance().BeginAuthentication(authParam, callback);
181 UserAuthClient::GetInstance().BeginAuthentication(authParam, nullptr);
182 IAM_LOGI("end");
183 }
184
FuzzClientBeginAuthentication002(Parcel & parcel)185 void FuzzClientBeginAuthentication002(Parcel &parcel)
186 {
187 IAM_LOGI("start");
188 int32_t apiVersion = parcel.ReadInt32();
189 std::vector<uint8_t> challenge;
190 Common::FillFuzzUint8Vector(parcel, challenge);
191 auto authType = static_cast<AuthType>(parcel.ReadInt32());
192 auto atl = static_cast<AuthTrustLevel>(parcel.ReadUint32());
193 auto callback = Common::MakeShared<DummyAuthenticationCallback>();
194 UserAuthClientImpl::Instance().BeginNorthAuthentication(apiVersion, challenge, authType, atl, callback);
195 UserAuthClientImpl::Instance().BeginNorthAuthentication(apiVersion, challenge, authType, atl, nullptr);
196 IAM_LOGI("end");
197 }
198
FuzzClientCancelAuthentication(Parcel & parcel)199 void FuzzClientCancelAuthentication(Parcel &parcel)
200 {
201 IAM_LOGI("start");
202 uint64_t contextId = parcel.ReadUint64();
203 UserAuthClient::GetInstance().CancelAuthentication(contextId);
204 IAM_LOGI("end");
205 }
206
FuzzClientBeginIdentification(Parcel & parcel)207 void FuzzClientBeginIdentification(Parcel &parcel)
208 {
209 IAM_LOGI("start");
210 std::vector<uint8_t> challenge;
211 Common::FillFuzzUint8Vector(parcel, challenge);
212 auto authType = static_cast<AuthType>(parcel.ReadInt32());
213 auto callback = Common::MakeShared<DummyIdentificationCallback>();
214 UserAuthClient::GetInstance().BeginIdentification(challenge, authType, callback);
215 UserAuthClient::GetInstance().BeginIdentification(challenge, authType, nullptr);
216 IAM_LOGI("end");
217 }
218
FuzzCancelIdentification(Parcel & parcel)219 void FuzzCancelIdentification(Parcel &parcel)
220 {
221 IAM_LOGI("start");
222 uint64_t contextId = parcel.ReadUint64();
223 UserAuthClient::GetInstance().CancelIdentification(contextId);
224 IAM_LOGI("end");
225 }
226
FuzzClientGetVersion(Parcel & parcel)227 void FuzzClientGetVersion(Parcel &parcel)
228 {
229 IAM_LOGI("start");
230 static_cast<void>(parcel.ReadInt32());
231 int32_t version = -1;
232 UserAuthClientImpl::Instance().GetVersion(version);
233 IAM_LOGI("end");
234 }
235
FuzzClientRegistUserAuthSuccessEventListener(Parcel & parcel)236 void FuzzClientRegistUserAuthSuccessEventListener(Parcel &parcel)
237 {
238 IAM_LOGI("start");
239 std::vector<AuthType> authTypeList;
240 authTypeList.push_back(AuthType::PIN);
241 authTypeList.push_back(AuthType::FACE);
242 authTypeList.push_back(AuthType::FINGERPRINT);
243 auto listener = Common::MakeShared<DummyAuthSuccessEventListener>();
244 UserAuthClientImpl::Instance().RegistUserAuthSuccessEventListener(authTypeList, listener);
245 IAM_LOGI("end");
246 }
247
FuzzClientUnRegistUserAuthSuccessEventListener(Parcel & Parcel)248 void FuzzClientUnRegistUserAuthSuccessEventListener(Parcel &Parcel)
249 {
250 IAM_LOGI("start");
251 auto listener = Common::MakeShared<DummyAuthSuccessEventListener>();
252 UserAuthClientImpl::Instance().UnRegistUserAuthSuccessEventListener(listener);
253 IAM_LOGI("end");
254 }
255
FuzzClientSetGlobalConfigParam(Parcel & parcel)256 void FuzzClientSetGlobalConfigParam(Parcel &parcel)
257 {
258 IAM_LOGI("start");
259 GlobalConfigParam param = {};
260 UserAuthClientImpl::Instance().SetGlobalConfigParam(param);
261 IAM_LOGI("end");
262 }
263
FuzzClientPrepareRemoteAuth(Parcel & parcel)264 void FuzzClientPrepareRemoteAuth(Parcel &parcel)
265 {
266 IAM_LOGI("start");
267 std::string networkId = parcel.ReadString();
268 auto callback = Common::MakeShared<DummyPrepareRemoteAuthCallback>();
269 UserAuthClientImpl::Instance().PrepareRemoteAuth(networkId, callback);
270 UserAuthClientImpl::Instance().PrepareRemoteAuth(networkId, nullptr);
271 IAM_LOGI("end");
272 }
273
FuzzBeginWidgetAuth(Parcel & parcel)274 void FuzzBeginWidgetAuth(Parcel &parcel)
275 {
276 IAM_LOGI("start");
277 int32_t apiVersion = parcel.ReadInt32();
278 WidgetAuthParam authParam;
279 WidgetParam widgetParam;
280 Common::FillFuzzUint8Vector(parcel, authParam.challenge);
281 std::vector<int32_t> atList;
282 parcel.ReadInt32Vector(&atList);
283 for (auto at : atList) {
284 authParam.authTypes.push_back(static_cast<AuthType>(at));
285 }
286 authParam.authTrustLevel = static_cast<AuthTrustLevel>(parcel.ReadInt32());
287 widgetParam.title = parcel.ReadString();
288 widgetParam.navigationButtonText = parcel.ReadString();
289 widgetParam.windowMode = static_cast<WindowModeType>(parcel.ReadInt32());
290 auto callback = Common::MakeShared<DummyAuthenticationCallback>();
291 UserAuthClientImpl::Instance().BeginWidgetAuth(apiVersion, authParam, widgetParam, callback);
292 UserAuthClientImpl::Instance().BeginWidgetAuth(authParam, widgetParam, callback);
293 IAM_LOGI("end");
294 }
295
FuzzNapiBeginWidgetAuth(Parcel & parcel)296 void FuzzNapiBeginWidgetAuth(Parcel &parcel)
297 {
298 IAM_LOGI("start");
299 int32_t apiVersion = parcel.ReadInt32();
300 AuthParamInner authParam;
301 UserAuthNapiClientImpl::WidgetParamNapi widgetParam;
302 Common::FillFuzzUint8Vector(parcel, authParam.challenge);
303 std::vector<int32_t> atList;
304 parcel.ReadInt32Vector(&atList);
305 for (auto at : atList) {
306 authParam.authTypes.push_back(static_cast<AuthType>(at));
307 }
308 authParam.authTrustLevel = static_cast<AuthTrustLevel>(parcel.ReadInt32());
309 widgetParam.title = parcel.ReadString();
310 widgetParam.navigationButtonText = parcel.ReadString();
311 widgetParam.windowMode = static_cast<WindowModeType>(parcel.ReadInt32());
312 auto callback = Common::MakeShared<DummyAuthenticationCallback>();
313 std::shared_ptr<UserAuthModalInnerCallback> modalCallback = Common::MakeShared<UserAuthModalInnerCallback>();
314 UserAuthNapiClientImpl::Instance().BeginWidgetAuth(apiVersion, authParam, widgetParam, callback, modalCallback);
315 uint64_t contextId = parcel.ReadUint64();
316 int32_t cancelReason = parcel.ReadInt32();
317 UserAuthNapiClientImpl::Instance().CancelAuthentication(contextId, cancelReason);
318 IAM_LOGI("end");
319 }
320
FuzzSetWidgetCallback(Parcel & parcel)321 void FuzzSetWidgetCallback(Parcel &parcel)
322 {
323 IAM_LOGI("start");
324 int32_t version = -1;
325 auto callback = Common::MakeShared<DummyIUserAuthWidgetCallback>();
326 UserAuthClientImpl::Instance().SetWidgetCallback(version, callback);
327 IAM_LOGI("end");
328 }
329
FuzzNotice(Parcel & parcel)330 void FuzzNotice(Parcel &parcel)
331 {
332 IAM_LOGI("start");
333 NoticeType noticeType = static_cast<NoticeType>(parcel.ReadInt32());
334 std::string eventData = parcel.ReadString();
335 UserAuthClientImpl::Instance().Notice(noticeType, eventData);
336 IAM_LOGI("end");
337 }
338
339 auto g_UserAuthCallbackService =
340 Common::MakeShared<UserAuthCallbackService>(Common::MakeShared<DummyAuthenticationCallback>());
341
342 auto g_GetPropCallbackService =
343 Common::MakeShared<GetExecutorPropertyCallbackService>(Common::MakeShared<DummyGetPropCallback>());
344
345 auto g_SetPropCallbackService =
346 Common::MakeShared<SetExecutorPropertyCallbackService>(Common::MakeShared<DummySetPropCallback>());
347
FuzzUserAuthCallbackServiceOnResult(Parcel & parcel)348 void FuzzUserAuthCallbackServiceOnResult(Parcel &parcel)
349 {
350 IAM_LOGI("start");
351 int32_t result = parcel.ReadInt32();
352 std::vector<uint8_t> attr;
353 Common::FillFuzzUint8Vector(parcel, attr);
354 Attributes extraInfo(attr);
355 if (g_UserAuthCallbackService != nullptr) {
356 g_UserAuthCallbackService->OnResult(result, extraInfo.Serialize());
357 }
358 IAM_LOGI("end");
359 }
360
FuzzUserAuthCallbackServiceOnAcquireInfo(Parcel & parcel)361 void FuzzUserAuthCallbackServiceOnAcquireInfo(Parcel &parcel)
362 {
363 IAM_LOGI("start");
364 int32_t result = parcel.ReadInt32();
365 int32_t acquireInfo = parcel.ReadInt32();
366 std::vector<uint8_t> attr;
367 Common::FillFuzzUint8Vector(parcel, attr);
368 Attributes extraInfo(attr);
369 if (g_UserAuthCallbackService != nullptr) {
370 g_UserAuthCallbackService->OnAcquireInfo(result, acquireInfo, extraInfo.Serialize());
371 }
372 IAM_LOGI("end");
373 }
374
FuzzGetPropCallbackServiceOnPropResult(Parcel & parcel)375 void FuzzGetPropCallbackServiceOnPropResult(Parcel &parcel)
376 {
377 IAM_LOGI("start");
378 int32_t result = parcel.ReadInt32();
379 std::vector<uint8_t> attr;
380 Common::FillFuzzUint8Vector(parcel, attr);
381 Attributes extraInfo(attr);
382 if (g_GetPropCallbackService != nullptr) {
383 g_GetPropCallbackService->OnGetExecutorPropertyResult(result, extraInfo.Serialize());
384 }
385 IAM_LOGI("end");
386 }
387
FuzzSetPropCallbackServiceOnPropResult(Parcel & parcel)388 void FuzzSetPropCallbackServiceOnPropResult(Parcel &parcel)
389 {
390 IAM_LOGI("start");
391 int32_t result = parcel.ReadInt32();
392 if (g_SetPropCallbackService != nullptr) {
393 g_SetPropCallbackService->OnSetExecutorPropertyResult(result);
394 }
395 IAM_LOGI("end");
396 }
397
FuzzSetGlobalConfigParam(Parcel & parcel)398 void FuzzSetGlobalConfigParam(Parcel &parcel)
399 {
400 IAM_LOGI("start");
401 GlobalConfigParam param = {};
402 param.value.pinExpiredPeriod = parcel.ReadUint64();
403 param.type = static_cast<GlobalConfigType>(parcel.ReadInt32());
404 UserAuthClientImpl::Instance().SetGlobalConfigParam(param);
405 IAM_LOGI("end");
406 }
407
FuzzQueryReusableAuthResult(Parcel & parcel)408 void FuzzQueryReusableAuthResult(Parcel &parcel)
409 {
410 IAM_LOGI("start");
411 std::vector<uint8_t> token;
412 WidgetAuthParam authParam = {};
413 authParam.userId = parcel.ReadInt32();
414 Common::FillFuzzUint8Vector(parcel, authParam.challenge);
415 authParam.authTypes.push_back(static_cast<AuthType>(parcel.ReadInt32()));
416 authParam.authTrustLevel = static_cast<AuthTrustLevel>(parcel.ReadUint32());
417 authParam.reuseUnlockResult.isReuse = parcel.ReadBool();
418 authParam.reuseUnlockResult.reuseMode = static_cast<ReuseMode>(parcel.ReadInt32());
419 authParam.reuseUnlockResult.reuseDuration = parcel.ReadUint64();
420 UserAuthClientImpl::Instance().QueryReusableAuthResult(authParam, token);
421 IAM_LOGI("end");
422 }
423
424 using FuzzFunc = decltype(FuzzClientGetAvailableStatus);
425 FuzzFunc *g_fuzzFuncs[] = {
426 FuzzClientGetEnrolledState,
427 FuzzClientGetAvailableStatus,
428 FuzzClientGetProperty,
429 FuzzClientSetProperty,
430 FuzzClientBeginAuthentication001,
431 FuzzClientBeginAuthentication002,
432 FuzzClientCancelAuthentication,
433 FuzzClientBeginIdentification,
434 FuzzClientRegistUserAuthSuccessEventListener,
435 FuzzClientUnRegistUserAuthSuccessEventListener,
436 FuzzClientSetGlobalConfigParam,
437 FuzzClientPrepareRemoteAuth,
438 FuzzCancelIdentification,
439 FuzzClientGetVersion,
440 FuzzBeginWidgetAuth,
441 FuzzSetWidgetCallback,
442 FuzzNotice,
443 FuzzUserAuthCallbackServiceOnResult,
444 FuzzUserAuthCallbackServiceOnAcquireInfo,
445 FuzzGetPropCallbackServiceOnPropResult,
446 FuzzSetPropCallbackServiceOnPropResult,
447 FuzzSetGlobalConfigParam,
448 FuzzNapiBeginWidgetAuth,
449 FuzzQueryReusableAuthResult,
450 };
451
UserAuthClientFuzzTest(const uint8_t * data,size_t size)452 void UserAuthClientFuzzTest(const uint8_t *data, size_t size)
453 {
454 Parcel parcel;
455 parcel.WriteBuffer(data, size);
456 parcel.RewindRead(0);
457 uint32_t index = parcel.ReadUint32() % (sizeof(g_fuzzFuncs) / sizeof(FuzzFunc *));
458 auto fuzzFunc = g_fuzzFuncs[index];
459 fuzzFunc(parcel);
460 return;
461 }
462 } // namespace
463 } // namespace UserAuth
464 } // namespace UserIam
465 } // namespace OHOS
466
467 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)468 extern "C" int32_t LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
469 {
470 OHOS::UserIam::UserAuth::UserAuthClientFuzzTest(data, size);
471 return 0;
472 }
473