1 /*
2 * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "user_auth_service_fuzzer.h"
17
18 #include <cinttypes>
19 #include <cstddef>
20 #include <cstdint>
21
22 #include "parcel.h"
23
24 #include "iam_fuzz_test.h"
25 #include "iam_logger.h"
26 #include "mock_ipc_common.h"
27 #include "user_auth_service.h"
28 #include "user_auth_common_defines.h"
29 #include "dummy_iam_callback_interface.h"
30
31 #undef private
32
33 #ifdef LOG_LABEL
34 #undef LOG_LABEL
35 #endif
36 #define LOG_TAG "USER_AUTH_SA"
37
38 using namespace std;
39 using namespace OHOS::UserIam::Common;
40 using namespace OHOS::UserIam::UserAuth;
41
42 namespace OHOS {
43 namespace UserIam {
44 namespace UserAuth {
45 namespace {
46 class DummyUserAuthCallback : public IIamCallback {
47 public:
48 ~DummyUserAuthCallback() override = default;
49
OnAcquireInfo(int32_t module,int32_t acquireInfo,const std::vector<uint8_t> & extraInfo)50 int32_t OnAcquireInfo(int32_t module, int32_t acquireInfo, const std::vector<uint8_t> &extraInfo) override
51 {
52 IAM_LOGI("start");
53 static_cast<void>(module);
54 static_cast<void>(acquireInfo);
55 static_cast<void>(extraInfo);
56 return SUCCESS;
57 }
58
OnResult(int32_t result,const std::vector<uint8_t> & extraInfo)59 int32_t OnResult(int32_t result, const std::vector<uint8_t> &extraInfo) override
60 {
61 IAM_LOGI("start");
62 static_cast<void>(result);
63 static_cast<void>(extraInfo);
64 return SUCCESS;
65 }
66
AsObject()67 sptr<IRemoteObject> AsObject() override
68 {
69 sptr<IRemoteObject> tmp(nullptr);
70 return tmp;
71 }
72 };
73
74 class DummyGetExecutorPropertyCallback : public IGetExecutorPropertyCallback {
75 public:
76 ~DummyGetExecutorPropertyCallback() override = default;
77
OnGetExecutorPropertyResult(int32_t result,const std::vector<uint8_t> & attributes)78 int32_t OnGetExecutorPropertyResult(int32_t result, const std::vector<uint8_t> &attributes) override
79 {
80 IAM_LOGI("start");
81 return SUCCESS;
82 }
83
AsObject()84 sptr<IRemoteObject> AsObject() override
85 {
86 sptr<IRemoteObject> tmp(nullptr);
87 return tmp;
88 }
89 };
90
91 class DummySetExecutorPropertyCallback : public ISetExecutorPropertyCallback {
92 public:
93 ~DummySetExecutorPropertyCallback() override = default;
94
OnSetExecutorPropertyResult(int32_t resultCode)95 int32_t OnSetExecutorPropertyResult(int32_t resultCode) override
96 {
97 IAM_LOGI("start");
98 return SUCCESS;
99 }
100
AsObject()101 sptr<IRemoteObject> AsObject() override
102 {
103 sptr<IRemoteObject> tmp(nullptr);
104 return tmp;
105 }
106 };
107
108 class DummyWidgetCallback : public IWidgetCallback {
109 public:
SendCommand(const std::string & cmdData)110 int32_t SendCommand(const std::string &cmdData) override
111 {
112 IAM_LOGI("start");
113 return SUCCESS;
114 }
115
AsObject()116 sptr<IRemoteObject> AsObject() override
117 {
118 sptr<IRemoteObject> tmp(nullptr);
119 return tmp;
120 }
121 };
122
123 class DummyAuthEventListener : public IEventListenerCallback {
124 public:
125 ~DummyAuthEventListener() override = default;
126
AsObject()127 sptr<IRemoteObject> AsObject() override
128 {
129 sptr<IRemoteObject> tmp(nullptr);
130 return tmp;
131 }
132
OnNotifyAuthSuccessEvent(int32_t userId,int32_t authType,int32_t callerType,const std::string & callerName)133 int32_t OnNotifyAuthSuccessEvent(int32_t userId, int32_t authType, int32_t callerType,
134 const std::string &callerName) override
135 {
136 IAM_LOGI("start");
137 return SUCCESS;
138 }
OnNotifyCredChangeEvent(int32_t userId,int32_t authType,int32_t eventType,const IpcCredChangeEventInfo & changeInfo)139 int32_t OnNotifyCredChangeEvent(int32_t userId, int32_t authType, int32_t eventType,
140 const IpcCredChangeEventInfo &changeInfo) override
141 {
142 IAM_LOGI("start");
143 return SUCCESS;
144 }
145 };
146
147 class DummyVerifyTokenCallback : public IVerifyTokenCallback {
148 public:
149 ~DummyVerifyTokenCallback() override = default;
150
OnVerifyTokenResult(int32_t result,const std::vector<uint8_t> & attributes)151 int32_t OnVerifyTokenResult(int32_t result, const std::vector<uint8_t> &attributes) override
152 {
153 IAM_LOGI("start");
154 return SUCCESS;
155 }
156
AsObject()157 sptr<IRemoteObject> AsObject() override
158 {
159 sptr<IRemoteObject> tmp(nullptr);
160 return tmp;
161 }
162 };
163
164 UserAuthService g_userAuthService;
165
FuzzGetResourseNode(Parcel & parcel)166 void FuzzGetResourseNode(Parcel &parcel)
167 {
168 IAM_LOGI("begin");
169 AuthType authType = static_cast<AuthType>(parcel.ReadInt32());
170 g_userAuthService.GetResourseNode(authType);
171 g_userAuthService.ProcessWidgetSessionExclusive();
172 uint32_t code = parcel.ReadUint32();
173 int32_t result = parcel.ReadInt32();
174 g_userAuthService.CallbackEnter(code);
175 g_userAuthService.CallbackExit(code, result);
176 IAM_LOGI("end");
177 }
178
FuzzGetEnrolledState(Parcel & parcel)179 void FuzzGetEnrolledState(Parcel &parcel)
180 {
181 IAM_LOGI("begin");
182 int32_t apiVersion = parcel.ReadInt32();
183 int32_t authType = parcel.ReadInt32();
184 IpcEnrolledState enrolledState = {};
185 int32_t funcResult = SUCCESS;
186 g_userAuthService.GetEnrolledState(apiVersion, authType, enrolledState, funcResult);
187 IpcCommon::AddPermission(ACCESS_USER_AUTH_INTERNAL_PERMISSION);
188 g_userAuthService.GetEnrolledState(apiVersion, authType, enrolledState, funcResult);
189 IpcCommon::DeleteAllPermission();
190 IAM_LOGI("end");
191 }
192
FuzzGetAvailableStatusOtherScene(Parcel & parcel)193 void FuzzGetAvailableStatusOtherScene(Parcel &parcel)
194 {
195 IAM_LOGI("begin");
196 int32_t apiVersion = 8;
197 int32_t pin = 1;
198 int32_t authTrustLevel = parcel.ReadInt32();
199 int32_t userId = parcel.ReadInt32();
200 int32_t funcResult = SUCCESS;
201 g_userAuthService.GetAvailableStatus(apiVersion, userId, pin, authTrustLevel, funcResult);
202 g_userAuthService.GetAvailableStatus(apiVersion, pin, authTrustLevel, funcResult);
203 IAM_LOGI("end");
204 }
205
FuzzGetAvailableStatus(Parcel & parcel)206 void FuzzGetAvailableStatus(Parcel &parcel)
207 {
208 IAM_LOGI("begin");
209 int32_t apiVersion = parcel.ReadInt32();
210 int32_t authType = parcel.ReadInt32();
211 int32_t authTrustLevel = parcel.ReadInt32();
212 int32_t userId = parcel.ReadInt32();
213 int32_t funcResult = SUCCESS;
214 g_userAuthService.GetAvailableStatus(apiVersion, userId, authType, authTrustLevel, funcResult);
215 g_userAuthService.GetAvailableStatus(apiVersion, authType, authTrustLevel, funcResult);
216 IpcCommon::AddPermission(ACCESS_USER_AUTH_INTERNAL_PERMISSION);
217 IpcCommon::AddPermission(ACCESS_BIOMETRIC_PERMISSION);
218 g_userAuthService.GetAvailableStatus(apiVersion, userId, authType, authTrustLevel, funcResult);
219 g_userAuthService.GetAvailableStatus(apiVersion, authType, authTrustLevel, funcResult);
220 FuzzGetAvailableStatusOtherScene(parcel);
221 IpcCommon::DeleteAllPermission();
222 IAM_LOGI("end");
223 }
224
FuzzGetProperty(Parcel & parcel)225 void FuzzGetProperty(Parcel &parcel)
226 {
227 IAM_LOGI("begin");
228 constexpr uint32_t maxDataLen = 50;
229 int32_t userId = parcel.ReadInt32();
230 int32_t authType = parcel.ReadInt32();
231 std::vector<uint32_t> keys;
232 uint32_t keysLen = parcel.ReadUint32() % maxDataLen;
233 keys.reserve(keysLen);
234 for (uint32_t i = 0; i < keysLen; i++) {
235 keys.emplace_back(parcel.ReadUint32());
236 }
237
238 sptr<IGetExecutorPropertyCallback> callback(nullptr);
239 if (parcel.ReadBool()) {
240 callback = sptr<IGetExecutorPropertyCallback>(new (std::nothrow) DummyGetExecutorPropertyCallback());
241 }
242 g_userAuthService.GetProperty(userId, authType, keys, callback);
243 IpcCommon::AddPermission(ACCESS_USER_AUTH_INTERNAL_PERMISSION);
244 g_userAuthService.GetProperty(userId, authType, keys, callback);
245 IpcCommon::DeleteAllPermission();
246 IAM_LOGI("end");
247 }
248
FuzzSetProperty(Parcel & parcel)249 void FuzzSetProperty(Parcel &parcel)
250 {
251 IAM_LOGI("begin");
252 int32_t userId = parcel.ReadInt32();
253 AuthType authType = static_cast<AuthType>(parcel.ReadInt32());
254 vector<uint8_t> attributesRaw;
255 FillFuzzUint8Vector(parcel, attributesRaw);
256 Attributes attributes(attributesRaw);
257 sptr<ISetExecutorPropertyCallback> callback(nullptr);
258 if (parcel.ReadBool()) {
259 callback = sptr<ISetExecutorPropertyCallback>(new (nothrow) DummySetExecutorPropertyCallback());
260 }
261
262 g_userAuthService.SetProperty(userId, authType, attributes.Serialize(), callback);
263 IpcCommon::AddPermission(ACCESS_BIOMETRIC_PERMISSION);
264 g_userAuthService.SetProperty(userId, authType, attributes.Serialize(), callback);
265 IpcCommon::DeleteAllPermission();
266 IAM_LOGI("end");
267 }
268
FuzzAuth(Parcel & parcel)269 void FuzzAuth(Parcel &parcel)
270 {
271 IAM_LOGI("begin");
272 int32_t apiVersion = parcel.ReadInt32();
273 std::vector<uint8_t> challenge;
274 FillFuzzUint8Vector(parcel, challenge);
275 IpcAuthParamInner ipcAuthParamInner = {};
276 ipcAuthParamInner.challenge = challenge;
277 ipcAuthParamInner.authType = parcel.ReadInt32();
278 ipcAuthParamInner.authTrustLevel = parcel.ReadInt32();
279 sptr<IIamCallback> callback(nullptr);
280 if (parcel.ReadBool()) {
281 callback = sptr<IIamCallback>(new (std::nothrow) DummyUserAuthCallback());
282 }
283 uint64_t contextId = 0;
284 g_userAuthService.Auth(apiVersion, ipcAuthParamInner, callback, contextId);
285 IpcCommon::AddPermission(ACCESS_USER_AUTH_INTERNAL_PERMISSION);
286 g_userAuthService.Auth(apiVersion, ipcAuthParamInner, callback, contextId);
287 IpcCommon::DeleteAllPermission();
288 IAM_LOGI("end");
289 }
290
FuzzAuthUser(Parcel & parcel)291 void FuzzAuthUser(Parcel &parcel)
292 {
293 IAM_LOGI("begin");
294 std::vector<uint8_t> challenge;
295 FillFuzzUint8Vector(parcel, challenge);
296 sptr<IIamCallback> callback(nullptr);
297 if (parcel.ReadBool()) {
298 callback = sptr<IIamCallback>(new (nothrow) DummyUserAuthCallback());
299 }
300 IpcAuthParamInner param = {
301 .userId = parcel.ReadInt32(),
302 .challenge = challenge,
303 .authType = parcel.ReadInt32(),
304 .authTrustLevel = parcel.ReadInt32(),
305 };
306 IpcRemoteAuthParam remoteAuthParam = {
307 .isHasRemoteAuthParam = parcel.ReadBool(),
308 };
309 uint64_t contextId = 0;
310 g_userAuthService.AuthUser(param, remoteAuthParam, callback, contextId);
311 IpcCommon::AddPermission(ACCESS_USER_AUTH_INTERNAL_PERMISSION);
312 g_userAuthService.AuthUser(param, remoteAuthParam, callback, contextId);
313 IpcCommon::DeleteAllPermission();
314 IAM_LOGI("end");
315 }
316
FuzzDoPrepareRemoteAuth(Parcel & parcel)317 void FuzzDoPrepareRemoteAuth(Parcel &parcel)
318 {
319 IAM_LOGI("begin");
320 const std::string networkId = parcel.ReadString();
321 g_userAuthService.DoPrepareRemoteAuth(networkId);
322 IAM_LOGI("end");
323 }
324
FuzzIdentify(Parcel & parcel)325 void FuzzIdentify(Parcel &parcel)
326 {
327 IAM_LOGI("begin");
328 std::vector<uint8_t> challenge;
329 FillFuzzUint8Vector(parcel, challenge);
330 int32_t authType = parcel.ReadInt32();
331 sptr<IIamCallback> callback(nullptr);
332 if (parcel.ReadBool()) {
333 callback = sptr<IIamCallback>(new (nothrow) DummyUserAuthCallback());
334 }
335 uint64_t contextId = 0;
336 g_userAuthService.Identify(challenge, authType, callback, contextId);
337 IpcCommon::AddPermission(ACCESS_USER_AUTH_INTERNAL_PERMISSION);
338 g_userAuthService.Identify(challenge, authType, callback, contextId);
339 IpcCommon::DeleteAllPermission();
340 IAM_LOGI("end");
341 }
342
FuzzCancelAuthOrIdentify(Parcel & parcel)343 void FuzzCancelAuthOrIdentify(Parcel &parcel)
344 {
345 IAM_LOGI("begin");
346 uint64_t contextId = parcel.ReadUint64();
347 int32_t cancelReason = parcel.ReadInt32();
348 g_userAuthService.CancelAuthOrIdentify(contextId, cancelReason);
349 IpcCommon::AddPermission(ACCESS_USER_AUTH_INTERNAL_PERMISSION);
350 IpcCommon::AddPermission(ACCESS_BIOMETRIC_PERMISSION);
351 g_userAuthService.CancelAuthOrIdentify(contextId, cancelReason);
352 IpcCommon::DeleteAllPermission();
353 IAM_LOGI("end");
354 }
355
FuzzGetVersion(Parcel & parcel)356 void FuzzGetVersion(Parcel &parcel)
357 {
358 IAM_LOGI("begin");
359 int32_t version = -1;
360 g_userAuthService.GetVersion(version);
361 IpcCommon::AddPermission(ACCESS_USER_AUTH_INTERNAL_PERMISSION);
362 IpcCommon::AddPermission(ACCESS_BIOMETRIC_PERMISSION);
363 g_userAuthService.GetVersion(version);
364 IpcCommon::DeleteAllPermission();
365 IAM_LOGI("end");
366 }
367
FuzzAuthWidget(Parcel & parcel)368 void FuzzAuthWidget(Parcel &parcel)
369 {
370 IAM_LOGI("begin");
371 int32_t apiVersion = parcel.ReadInt32();
372 IpcAuthParamInner authParam;
373 IpcWidgetParamInner widgetParam;
374 FillFuzzUint8Vector(parcel, authParam.challenge);
375 std::vector<int32_t> atList;
376 parcel.ReadInt32Vector(&authParam.authTypes);
377 authParam.authTrustLevel = parcel.ReadInt32();
378 authParam.isUserIdSpecified = true;
379 sptr<IIamCallback> callback(nullptr);
380 widgetParam.title = parcel.ReadString();
381 widgetParam.navigationButtonText = parcel.ReadString();
382 widgetParam.windowMode = parcel.ReadInt32();
383 if (parcel.ReadBool()) {
384 callback = sptr<IIamCallback>(new (std::nothrow) DummyUserAuthCallback());
385 }
386 sptr<IModalCallback> testModalCallback(nullptr);
387 uint64_t contextId = 0;
388 g_userAuthService.AuthWidget(apiVersion, authParam, widgetParam, callback, testModalCallback, contextId);
389 IpcCommon::AddPermission(ACCESS_USER_AUTH_INTERNAL_PERMISSION);
390 g_userAuthService.AuthWidget(apiVersion, authParam, widgetParam, callback, testModalCallback, contextId);
391 IpcCommon::DeleteAllPermission();
392 IAM_LOGI("end");
393 }
394
FuzzStartAuthWidget(Parcel & parcel)395 void FuzzStartAuthWidget(Parcel &parcel)
396 {
397 IAM_LOGI("begin");
398 int32_t apiVersion = parcel.ReadInt32();
399 AuthParamInner authParam;
400 WidgetParamInner widgetParam;
401 FillFuzzUint8Vector(parcel, authParam.challenge);
402 std::vector<int32_t> atList;
403 authParam.authType = static_cast<AuthType>(parcel.ReadInt32());
404 authParam.authTypes = {PIN, FACE, FINGERPRINT};
405 authParam.authTrustLevel = static_cast<AuthTrustLevel>(parcel.ReadInt32());
406 authParam.isUserIdSpecified = true;
407 widgetParam.title = parcel.ReadString();
408 widgetParam.navigationButtonText = parcel.ReadString();
409 widgetParam.windowMode = static_cast<WindowModeType>(parcel.ReadInt32());
410 sptr<IIamCallback> iamCallback = sptr<IIamCallback>(new (nothrow) DummyIamCallbackInterface);
411 std::shared_ptr<ContextCallback> contextCallback =
412 ContextCallback::NewInstance(iamCallback, TRACE_AUTH_USER_SECURITY);
413 sptr<IModalCallback> testModalCallback(nullptr);
414 uint64_t contextId = 0;
415 ContextFactory::AuthWidgetContextPara para;
416 para.sdkVersion = apiVersion;
417 g_userAuthService.StartAuthWidget(authParam, widgetParam, para, contextCallback, testModalCallback, contextId);
418 IAM_LOGI("end");
419 }
420
FuzzNotice(Parcel & parcel)421 void FuzzNotice(Parcel &parcel)
422 {
423 IAM_LOGI("begin");
424 int32_t noticeType = parcel.ReadInt32();
425 std::string eventData = parcel.ReadString();
426 g_userAuthService.Notice(noticeType, eventData);
427 IpcCommon::AddPermission(IS_SYSTEM_APP);
428 g_userAuthService.Notice(noticeType, eventData);
429 IpcCommon::AddPermission(SUPPORT_USER_AUTH);
430 g_userAuthService.Notice(noticeType, eventData);
431 IpcCommon::DeleteAllPermission();
432 IAM_LOGI("end");
433 }
434
FuzzRegisterWidgetCallback(Parcel & parcel)435 void FuzzRegisterWidgetCallback(Parcel &parcel)
436 {
437 IAM_LOGI("begin");
438 int32_t version = parcel.ReadInt32();
439 sptr<IWidgetCallback> callback(nullptr);
440 if (parcel.ReadBool()) {
441 callback = sptr<IWidgetCallback>(new (std::nothrow) DummyWidgetCallback());
442 }
443 g_userAuthService.RegisterWidgetCallback(version, callback);
444 IpcCommon::AddPermission(IS_SYSTEM_APP);
445 g_userAuthService.RegisterWidgetCallback(version, callback);
446 IpcCommon::AddPermission(SUPPORT_USER_AUTH);
447 g_userAuthService.RegisterWidgetCallback(version, callback);
448 IpcCommon::DeleteAllPermission();
449 IAM_LOGI("end");
450 }
451
FuzzRegistUserAuthSuccessEventListener(Parcel & parcel)452 void FuzzRegistUserAuthSuccessEventListener(Parcel &parcel)
453 {
454 IAM_LOGI("begin");
455 sptr<IEventListenerCallback> callback(nullptr);
456 if (parcel.ReadBool()) {
457 callback = sptr<IEventListenerCallback>(new (std::nothrow) DummyAuthEventListener());
458 }
459
460 g_userAuthService.RegistUserAuthSuccessEventListener(callback);
461 g_userAuthService.UnRegistUserAuthSuccessEventListener(callback);
462 IAM_LOGI("end");
463 }
464
FuzzSetGlobalConfigParam(Parcel & parcel)465 void FuzzSetGlobalConfigParam(Parcel &parcel)
466 {
467 IAM_LOGI("start");
468 IpcGlobalConfigParam param = {};
469 param.value.pinExpiredPeriod = parcel.ReadUint64();
470 param.type = parcel.ReadInt32();
471 g_userAuthService.SetGlobalConfigParam(param);
472 IAM_LOGI("end");
473 }
474
FuzzPrepareRemoteAuth(Parcel & parcel)475 void FuzzPrepareRemoteAuth(Parcel &parcel)
476 {
477 IAM_LOGI("begin");
478 std::string networkId = parcel.ReadString();
479 sptr<IIamCallback> callback(nullptr);
480 if (parcel.ReadBool()) {
481 callback = sptr<IIamCallback>(new (nothrow) DummyUserAuthCallback());
482 }
483 g_userAuthService.PrepareRemoteAuth(networkId, callback);
484 IpcCommon::AddPermission(ACCESS_USER_AUTH_INTERNAL_PERMISSION);
485 g_userAuthService.PrepareRemoteAuth(networkId, callback);
486 IpcCommon::DeleteAllPermission();
487 IAM_LOGI("end");
488 }
489
FuzzCheckValidSolution(Parcel & parcel)490 void FuzzCheckValidSolution(Parcel &parcel)
491 {
492 IAM_LOGI("begin");
493 int32_t userId = parcel.ReadInt32();
494 std::vector<uint8_t> challenge;
495 FillFuzzUint8Vector(parcel, challenge);
496 AuthParamInner authParam = {
497 .userId = parcel.ReadInt32(),
498 .challenge = challenge,
499 .authType = static_cast<AuthType>(parcel.ReadInt32()),
500 .authTrustLevel = static_cast<AuthTrustLevel>(parcel.ReadInt32()),
501 };
502 WidgetParamInner widgetParam;
503 widgetParam.title = parcel.ReadString();
504 widgetParam.navigationButtonText = parcel.ReadString();
505 widgetParam.windowMode = static_cast<WindowModeType>(parcel.ReadInt32());
506 std::vector<int32_t> authType;
507 std::vector<AuthType> validType;
508 parcel.ReadInt32Vector(&authType);
509 for (const auto &iter : authType) {
510 validType.push_back(static_cast<AuthType>(iter));
511 }
512 g_userAuthService.CheckValidSolution(userId, authParam, widgetParam, validType);
513 IAM_LOGI("end");
514 }
515
516
FuzzCompleteRemoteAuthParam(Parcel & parcel)517 void FuzzCompleteRemoteAuthParam(Parcel &parcel)
518 {
519 IAM_LOGI("begin");
520 RemoteAuthParam remoteAuthParam = {};
521 std::string localNetworkId = "1234567890123456789012345678901234567890123456789012345678901234";
522 remoteAuthParam.verifierNetworkId = std::nullopt;
523 g_userAuthService.CompleteRemoteAuthParam(remoteAuthParam, localNetworkId);
524 remoteAuthParam.verifierNetworkId = "123";
525 remoteAuthParam.collectorNetworkId = "1234123456789012345678901234567890123456789012345678901234567890";
526 g_userAuthService.CompleteRemoteAuthParam(remoteAuthParam, localNetworkId);
527 remoteAuthParam.verifierNetworkId = localNetworkId;
528 g_userAuthService.CompleteRemoteAuthParam(remoteAuthParam, localNetworkId);
529 IAM_LOGI("end");
530 }
531
FuzzGetAuthContextCallback(Parcel & parcel)532 void FuzzGetAuthContextCallback(Parcel &parcel)
533 {
534 IAM_LOGI("begin");
535 int32_t apiVersion = parcel.ReadInt32();
536 AuthParamInner authParam = {};
537 WidgetParamInner widgetParam = {};
538 sptr<IIamCallback> callback = sptr<IIamCallback>(new (nothrow) DummyUserAuthCallback);
539 g_userAuthService.GetAuthContextCallback(apiVersion, authParam, widgetParam, callback);
540 authParam.authTypes = {PIN, FACE, FINGERPRINT};
541 ReuseUnlockResult reuseUnlockResult = {};
542 reuseUnlockResult.isReuse = true;
543 authParam.reuseUnlockResult = reuseUnlockResult;
544 g_userAuthService.GetAuthContextCallback(apiVersion, authParam, widgetParam, callback);
545 IAM_LOGI("end");
546 }
547
FuzzInsert2ContextPool(Parcel & parcel)548 void FuzzInsert2ContextPool(Parcel &parcel)
549 {
550 IAM_LOGI("begin");
551 ContextFactory::AuthWidgetContextPara para = {};
552 auto context = ContextFactory::CreateWidgetContext(para, nullptr, nullptr);
553 g_userAuthService.Insert2ContextPool(context);
554 IAM_LOGI("end");
555 }
556
FuzzCheckAuthWidgetType(Parcel & parcel)557 void FuzzCheckAuthWidgetType(Parcel &parcel)
558 {
559 IAM_LOGI("begin");
560 std::vector<AuthType> authType = {PIN, FACE, FINGERPRINT};
561 g_userAuthService.CheckAuthWidgetType(authType);
562 authType = {PIN, FACE, FINGERPRINT, RECOVERY_KEY};
563 g_userAuthService.CheckAuthWidgetType(authType);
564 IAM_LOGI("end");
565 }
566
FuzzCheckSingeFaceOrFinger(Parcel & parcel)567 void FuzzCheckSingeFaceOrFinger(Parcel &parcel)
568 {
569 IAM_LOGI("begin");
570 std::vector<AuthType> authType = {PIN, FACE, FINGERPRINT};
571 g_userAuthService.CheckSingeFaceOrFinger(authType);
572 authType = {PIN};
573 g_userAuthService.CheckSingeFaceOrFinger(authType);
574 authType = {FACE};
575 g_userAuthService.CheckSingeFaceOrFinger(authType);
576 authType = {FINGERPRINT};
577 g_userAuthService.CheckSingeFaceOrFinger(authType);
578 IAM_LOGI("end");
579 }
580
FuzzAuthRemoteUser(Parcel & parcel)581 void FuzzAuthRemoteUser(Parcel &parcel)
582 {
583 IAM_LOGI("begin");
584 std::vector<uint8_t> challenge;
585 FillFuzzUint8Vector(parcel, challenge);
586 AuthParamInner authParam = {
587 .userId = -1,
588 .challenge = challenge,
589 .authType = static_cast<AuthType>(parcel.ReadInt32()),
590 .authTrustLevel = static_cast<AuthTrustLevel>(parcel.ReadInt32()),
591 };
592 Authentication::AuthenticationPara para = {};
593 RemoteAuthParam remoteAuthParam = {};
594 sptr<IIamCallback> iamCallback = sptr<IIamCallback>(new (nothrow) DummyIamCallbackInterface);
595 std::shared_ptr<ContextCallback> contextCallback = ContextCallback::NewInstance(iamCallback, TRACE_ADD_CREDENTIAL);
596 ResultCode failReason = SUCCESS;
597 g_userAuthService.AuthRemoteUser(authParam, para, remoteAuthParam, contextCallback, failReason);
598 authParam.userId = parcel.ReadInt32();
599 g_userAuthService.AuthRemoteUser(authParam, para, remoteAuthParam, contextCallback, failReason);
600 para.authType = PIN;
601 g_userAuthService.AuthRemoteUser(authParam, para, remoteAuthParam, contextCallback, failReason);
602 IAM_LOGI("end");
603 }
604
FuzzFillGetPropertyValue(Parcel & parcel)605 void FuzzFillGetPropertyValue(Parcel &parcel)
606 {
607 IAM_LOGI("begin");
608 AuthType authType = PIN;
609 std::vector<Attributes::AttributeKey> keys = {Attributes::ATTR_NEXT_FAIL_LOCKOUT_DURATION};
610 Attributes *values = new Attributes();
611 g_userAuthService.FillGetPropertyValue(authType, keys, *values);
612 authType = FACE;
613 g_userAuthService.FillGetPropertyValue(authType, keys, *values);
614 IAM_LOGI("end");
615 }
616
FuzzFillGetPropertyKeys(Parcel & parcel)617 void FuzzFillGetPropertyKeys(Parcel &parcel)
618 {
619 IAM_LOGI("begin");
620 AuthType authType = PIN;
621 std::vector<Attributes::AttributeKey> keys = {Attributes::ATTR_NEXT_FAIL_LOCKOUT_DURATION};
622 std::vector<uint32_t> uint32Keys = {parcel.ReadInt32(), parcel.ReadInt32()};
623 g_userAuthService.FillGetPropertyKeys(authType, keys, uint32Keys);
624 authType = FACE;
625 g_userAuthService.FillGetPropertyKeys(authType, keys, uint32Keys);
626 IAM_LOGI("end");
627 }
628
FuzzStartWidgetContext(Parcel & parcel)629 void FuzzStartWidgetContext(Parcel &parcel)
630 {
631 IAM_LOGI("begin");
632 sptr<IIamCallback> iamCallback = sptr<IIamCallback>(new (nothrow) DummyIamCallbackInterface);
633 std::shared_ptr<ContextCallback> contextCallback = ContextCallback::NewInstance(iamCallback, TRACE_ADD_CREDENTIAL);
634 AuthParamInner authParam = {};
635 WidgetParamInner widgetParam = {};
636 std::vector<AuthType> validType = {PIN};
637 ContextFactory::AuthWidgetContextPara para;
638 g_userAuthService.StartWidgetContext(contextCallback, authParam, widgetParam, validType, para, nullptr);
639 IAM_LOGI("end");
640 }
641
FuzzStartRemoteAuthInvokerContext(Parcel & parcel)642 void FuzzStartRemoteAuthInvokerContext(Parcel &parcel)
643 {
644 IAM_LOGI("begin");
645 AuthParamInner authParam = {};
646 RemoteAuthInvokerContextParam param = {};
647 sptr<IIamCallback> iamCallback = sptr<IIamCallback>(new (nothrow) DummyIamCallbackInterface);
648 std::shared_ptr<ContextCallback> contextCallback = ContextCallback::NewInstance(iamCallback, TRACE_ADD_CREDENTIAL);
649 g_userAuthService.StartRemoteAuthInvokerContext(authParam, param, contextCallback);
650 IAM_LOGI("end");
651 }
652
FuzzStartAuth(Parcel & parcel)653 void FuzzStartAuth(Parcel &parcel)
654 {
655 IAM_LOGI("begin");
656 int32_t apiVersion = parcel.ReadInt32();
657 uint64_t contextId = parcel.ReadUint64();
658 Authentication::AuthenticationPara para;
659 sptr<IIamCallback> iamCallback = sptr<IIamCallback>(new (nothrow) DummyIamCallbackInterface);
660 std::shared_ptr<ContextCallback> contextCallback = ContextCallback::NewInstance(iamCallback, TRACE_ADD_CREDENTIAL);
661 g_userAuthService.StartAuth(apiVersion, para, contextCallback, contextId);
662 IAM_LOGI("end");
663 }
664
FuzzGetPropertyById(Parcel & parcel)665 void FuzzGetPropertyById(Parcel &parcel)
666 {
667 IAM_LOGI("begin");
668 constexpr uint32_t maxDataLen = 50;
669 uint64_t credentialId = parcel.ReadUint64();
670 std::vector<uint32_t> keys;
671 uint32_t keysLen = parcel.ReadUint32() % maxDataLen;
672 keys.reserve(keysLen);
673 for (uint32_t i = 0; i < keysLen; i++) {
674 keys.emplace_back(parcel.ReadUint32());
675 }
676
677 sptr<IGetExecutorPropertyCallback> callback(nullptr);
678 callback = sptr<IGetExecutorPropertyCallback>(new (std::nothrow) DummyGetExecutorPropertyCallback());
679 g_userAuthService.GetPropertyById(credentialId, keys, callback);
680 IpcCommon::AddPermission(ACCESS_USER_AUTH_INTERNAL_PERMISSION);
681 g_userAuthService.GetPropertyById(credentialId, keys, callback);
682 IpcCommon::DeleteAllPermission();
683 IAM_LOGI("end");
684 }
685
FuzzVerifyAuthToken(Parcel & parcel)686 void FuzzVerifyAuthToken(Parcel &parcel)
687 {
688 IAM_LOGI("begin");
689 uint64_t allowableDuration = parcel.ReadUint64();
690 std::vector<uint8_t> tokenIn = {};
691 Common::FillFuzzUint8Vector(parcel, tokenIn);
692 sptr<IVerifyTokenCallback> callback(nullptr);
693 if (parcel.ReadBool()) {
694 callback = sptr<IVerifyTokenCallback>(new (std::nothrow) DummyVerifyTokenCallback());
695 }
696 g_userAuthService.VerifyAuthToken(tokenIn, allowableDuration, callback);
697 IpcCommon::AddPermission(USE_USER_ACCESS_MANAGER);
698 IpcCommon::AddPermission(IS_SYSTEM_APP);
699 g_userAuthService.VerifyAuthToken(tokenIn, allowableDuration, callback);
700 IpcCommon::DeleteAllPermission();
701 IAM_LOGI("end");
702 }
703
FuzzQueryReusableAuthResult(Parcel & parcel)704 void FuzzQueryReusableAuthResult(Parcel &parcel)
705 {
706 IAM_LOGI("begin");
707 std::vector<uint8_t> token;
708 IpcAuthParamInner ipcAuthParamInner = {};
709 ipcAuthParamInner.userId = parcel.ReadInt32();
710 Common::FillFuzzUint8Vector(parcel, ipcAuthParamInner.challenge);
711 ipcAuthParamInner.authTypes.push_back(parcel.ReadInt32());
712 ipcAuthParamInner.authTrustLevel = parcel.ReadUint32();
713 ipcAuthParamInner.reuseUnlockResult.isReuse = parcel.ReadBool();
714 ipcAuthParamInner.reuseUnlockResult.reuseMode = parcel.ReadInt32();
715 ipcAuthParamInner.reuseUnlockResult.reuseDuration = parcel.ReadUint64();
716 IpcCommon::AddPermission(ACCESS_USER_AUTH_INTERNAL_PERMISSION);
717 IpcCommon::AddPermission(IS_SYSTEM_APP);
718 g_userAuthService.QueryReusableAuthResult(ipcAuthParamInner, token);
719 IpcCommon::DeleteAllPermission();
720 IAM_LOGI("end");
721 }
722
FuzzGetAuthTokenAttr(Parcel & parcel)723 void FuzzGetAuthTokenAttr(Parcel &parcel)
724 {
725 IAM_LOGI("begin");
726 std::vector<uint8_t> challenge;
727 FillFuzzUint8Vector(parcel, challenge);
728 const HdiUserAuthTokenPlain tokenPlain = {
729 .version = parcel.ReadInt32(),
730 .userId = parcel.ReadInt32(),
731 .challenge = challenge,
732 .timeInterval = parcel.ReadUint64(),
733 .authTrustLevel = parcel.ReadUint32(),
734 .authType = parcel.ReadInt32(),
735 .tokenType = parcel.ReadInt32(),
736 .secureUid = parcel.ReadUint64(),
737 .enrolledId = parcel.ReadUint64(),
738 .credentialId = parcel.ReadUint64()
739 };
740 std::vector<uint8_t> rootSecret;
741 FillFuzzUint8Vector(parcel, rootSecret);
742 Attributes extraInfo;
743 g_userAuthService.GetAuthTokenAttr(tokenPlain, rootSecret, extraInfo);
744 IAM_LOGI("end");
745 }
746
747 using FuzzFunc = decltype(FuzzGetAvailableStatus);
748 FuzzFunc *g_fuzzFuncs[] = {
749 FuzzGetResourseNode,
750 FuzzGetEnrolledState,
751 FuzzGetAvailableStatus,
752 FuzzGetProperty,
753 FuzzSetProperty,
754 FuzzAuth,
755 FuzzAuthUser,
756 FuzzDoPrepareRemoteAuth,
757 FuzzIdentify,
758 FuzzCancelAuthOrIdentify,
759 FuzzGetVersion,
760 FuzzAuthWidget,
761 FuzzStartAuthWidget,
762 FuzzNotice,
763 FuzzRegisterWidgetCallback,
764 FuzzRegistUserAuthSuccessEventListener,
765 FuzzSetGlobalConfigParam,
766 FuzzPrepareRemoteAuth,
767 FuzzCheckValidSolution,
768 FuzzCompleteRemoteAuthParam,
769 FuzzGetAuthContextCallback,
770 FuzzInsert2ContextPool,
771 FuzzCheckAuthWidgetType,
772 FuzzCheckSingeFaceOrFinger,
773 FuzzAuthRemoteUser,
774 FuzzFillGetPropertyValue,
775 FuzzFillGetPropertyKeys,
776 FuzzStartWidgetContext,
777 FuzzStartRemoteAuthInvokerContext,
778 FuzzStartAuth,
779 FuzzGetPropertyById,
780 FuzzVerifyAuthToken,
781 FuzzGetAuthTokenAttr,
782 FuzzQueryReusableAuthResult,
783 };
784
UserAuthFuzzTest(const uint8_t * data,size_t size)785 void UserAuthFuzzTest(const uint8_t *data, size_t size)
786 {
787 Parcel parcel;
788 parcel.WriteBuffer(data, size);
789 parcel.RewindRead(0);
790 for (auto fuzzFunc : g_fuzzFuncs) {
791 fuzzFunc(parcel);
792 }
793 return;
794 }
795 } // namespace
796 } // namespace UserAuth
797 } // namespace UserIam
798 } // namespace OHOS
799
800 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)801 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
802 {
803 OHOS::UserIam::UserAuth::UserAuthFuzzTest(data, size);
804 return 0;
805 }
806