• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "user_idm_client_fuzzer.h"
17 
18 #include "parcel.h"
19 
20 #include "user_idm_client.h"
21 #include "user_idm_callback_service.h"
22 #include "iam_fuzz_test.h"
23 #include "iam_logger.h"
24 #include "iam_ptr.h"
25 
26 #define LOG_TAG "USER_AUTH_SDK"
27 
28 namespace OHOS {
29 namespace UserIam {
30 namespace UserAuth {
31 namespace {
32 class DummyUserIdmClientCallback final : public UserIdmClientCallback {
33 public:
OnAcquireInfo(int32_t module,uint32_t acquireInfo,const Attributes & extraInfo)34     void OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo)
35     {
36         IAM_LOGI("start");
37         static_cast<void>(module);
38         static_cast<void>(acquireInfo);
39         static_cast<void>(extraInfo);
40     }
41 
OnResult(int32_t result,const Attributes & extraInfo)42     void OnResult(int32_t result, const Attributes &extraInfo)
43     {
44         IAM_LOGI("start");
45         static_cast<void>(result);
46         static_cast<void>(extraInfo);
47     }
48 };
49 
50 class DummyGetCredentialInfoCallback final : public GetCredentialInfoCallback {
51 public:
OnCredentialInfo(int32_t result,const std::vector<CredentialInfo> & infoList)52     void OnCredentialInfo(int32_t result, const std::vector<CredentialInfo> &infoList)
53     {
54         IAM_LOGI("start");
55         static_cast<void>(result);
56         static_cast<void>(infoList);
57     }
58 };
59 
60 class DummyGetSecUserInfoCallback final : public GetSecUserInfoCallback {
61 public:
OnSecUserInfo(int32_t result,const SecUserInfo & info)62     void OnSecUserInfo(int32_t result, const SecUserInfo &info)
63     {
64         IAM_LOGI("start");
65         static_cast<void>(result);
66         static_cast<void>(info);
67     }
68 };
69 
70 class DummyCredChangeEventListener final : public CredChangeEventListener {
71 public:
OnNotifyCredChangeEvent(int32_t userId,AuthType authType,CredChangeEventType eventType,const CredChangeEventInfo & changeInfo)72     void OnNotifyCredChangeEvent(int32_t userId, AuthType authType, CredChangeEventType eventType,
73         const CredChangeEventInfo &changeInfo)
74     {
75         IAM_LOGI("start");
76         static_cast<void>(userId);
77         static_cast<void>(authType);
78         static_cast<void>(eventType);
79         static_cast<void>(changeInfo);
80     }
81 };
82 
FuzzClientOpenSession(Parcel & parcel)83 void FuzzClientOpenSession(Parcel &parcel)
84 {
85     IAM_LOGI("start");
86     int32_t userId = parcel.ReadInt32();
87     UserIdmClient::GetInstance().OpenSession(userId);
88     IAM_LOGI("end");
89 }
90 
FuzzClientCloseSession(Parcel & parcel)91 void FuzzClientCloseSession(Parcel &parcel)
92 {
93     IAM_LOGI("start");
94     int32_t userId = parcel.ReadInt32();
95     UserIdmClient::GetInstance().CloseSession(userId);
96     IAM_LOGI("end");
97 }
98 
FuzzClientAddCredential(Parcel & parcel)99 void FuzzClientAddCredential(Parcel &parcel)
100 {
101     IAM_LOGI("start");
102     int32_t userId = parcel.ReadInt32();
103     CredentialParameters para = {};
104     para.authType = static_cast<AuthType>(parcel.ReadInt32());
105     Common::FillFuzzUint8Vector(parcel, para.token);
106     auto callback = Common::MakeShared<DummyUserIdmClientCallback>();
107     UserIdmClient::GetInstance().AddCredential(userId, para, callback);
108     UserIdmClient::GetInstance().AddCredential(userId, para, nullptr);
109     IAM_LOGI("end");
110 }
111 
FuzzClientUpdateCredential(Parcel & parcel)112 void FuzzClientUpdateCredential(Parcel &parcel)
113 {
114     IAM_LOGI("start");
115     int32_t userId = parcel.ReadInt32();
116     CredentialParameters para = {};
117     para.authType = static_cast<AuthType>(parcel.ReadInt32());
118     Common::FillFuzzUint8Vector(parcel, para.token);
119     auto callback = Common::MakeShared<DummyUserIdmClientCallback>();
120     UserIdmClient::GetInstance().UpdateCredential(userId, para, callback);
121     UserIdmClient::GetInstance().UpdateCredential(userId, para, nullptr);
122     IAM_LOGI("end");
123 }
124 
FuzzClientCancel(Parcel & parcel)125 void FuzzClientCancel(Parcel &parcel)
126 {
127     IAM_LOGI("start");
128     int32_t userId = parcel.ReadInt32();
129     UserIdmClient::GetInstance().Cancel(userId);
130     IAM_LOGI("end");
131 }
132 
FuzzClientDeleteCredential(Parcel & parcel)133 void FuzzClientDeleteCredential(Parcel &parcel)
134 {
135     IAM_LOGI("start");
136     int32_t userId = parcel.ReadInt32();
137     uint64_t credentialId = parcel.ReadUint64();
138     std::vector<uint8_t> authToken;
139     Common::FillFuzzUint8Vector(parcel, authToken);
140     auto callback = Common::MakeShared<DummyUserIdmClientCallback>();
141     UserIdmClient::GetInstance().DeleteCredential(userId, credentialId, authToken, callback);
142     UserIdmClient::GetInstance().DeleteCredential(userId, credentialId, authToken, nullptr);
143     IAM_LOGI("end");
144 }
145 
FuzzClientDeleteUser(Parcel & parcel)146 void FuzzClientDeleteUser(Parcel &parcel)
147 {
148     IAM_LOGI("start");
149     int32_t userId = parcel.ReadInt32();
150     std::vector<uint8_t> authToken;
151     Common::FillFuzzUint8Vector(parcel, authToken);
152     auto callback = Common::MakeShared<DummyUserIdmClientCallback>();
153     UserIdmClient::GetInstance().DeleteUser(userId, authToken, callback);
154     UserIdmClient::GetInstance().DeleteUser(userId, authToken, nullptr);
155     IAM_LOGI("end");
156 }
157 
FuzzClientEraseUser(Parcel & parcel)158 void FuzzClientEraseUser(Parcel &parcel)
159 {
160     IAM_LOGI("start");
161     int32_t userId = parcel.ReadInt32();
162     auto callback = Common::MakeShared<DummyUserIdmClientCallback>();
163     UserIdmClient::GetInstance().EraseUser(userId, callback);
164     UserIdmClient::GetInstance().EraseUser(userId, nullptr);
165     IAM_LOGI("end");
166 }
167 
FuzzClientGetCredentialInfo(Parcel & parcel)168 void FuzzClientGetCredentialInfo(Parcel &parcel)
169 {
170     IAM_LOGI("start");
171     int32_t userId = parcel.ReadInt32();
172     auto authType = static_cast<AuthType>(parcel.ReadInt32());
173     auto callback = Common::MakeShared<DummyGetCredentialInfoCallback>();
174     UserIdmClient::GetInstance().GetCredentialInfo(userId, authType, callback);
175     UserIdmClient::GetInstance().GetCredentialInfo(userId, authType, nullptr);
176     IAM_LOGI("end");
177 }
178 
FuzzClientGetSecUserInfo(Parcel & parcel)179 void FuzzClientGetSecUserInfo(Parcel &parcel)
180 {
181     IAM_LOGI("start");
182     int32_t userId = parcel.ReadInt32();
183     auto callback = Common::MakeShared<DummyGetSecUserInfoCallback>();
184     UserIdmClient::GetInstance().GetSecUserInfo(userId, callback);
185     UserIdmClient::GetInstance().GetSecUserInfo(userId, nullptr);
186     IAM_LOGI("end");
187 }
188 
FuzzClientClearRedundancyCredential(Parcel & parcel)189 void FuzzClientClearRedundancyCredential(Parcel &parcel)
190 {
191     IAM_LOGI("start");
192     auto callback = Common::MakeShared<DummyUserIdmClientCallback>();
193     UserIdmClient::GetInstance().ClearRedundancyCredential(callback);
194     UserIdmClient::GetInstance().ClearRedundancyCredential(nullptr);
195     IAM_LOGI("end");
196 }
197 
FuzzClientRegistCredChangeEventListener(Parcel & parcel)198 void FuzzClientRegistCredChangeEventListener(Parcel &parcel)
199 {
200     IAM_LOGI("start");
201     std::vector<AuthType> authTypeList;
202     authTypeList.push_back(AuthType::PIN);
203     authTypeList.push_back(AuthType::FACE);
204     authTypeList.push_back(AuthType::FINGERPRINT);
205     auto listener = Common::MakeShared<DummyCredChangeEventListener>();
206     UserIdmClient::GetInstance().RegistCredChangeEventListener(authTypeList, listener);
207     IAM_LOGI("end");
208 }
209 
FuzzClientUnRegistCredChangeEventListener(Parcel & Parcel)210 void FuzzClientUnRegistCredChangeEventListener(Parcel &Parcel)
211 {
212     IAM_LOGI("start");
213     auto listener = Common::MakeShared<DummyCredChangeEventListener>();
214     UserIdmClient::GetInstance().UnRegistCredChangeEventListener(listener);
215     IAM_LOGI("end");
216 }
217 
218 auto g_IdmCallbackService =
219     Common::MakeShared<IdmCallbackService>(Common::MakeShared<DummyUserIdmClientCallback>());
220 
221 auto g_IdmGetCredInfoCallbackService =
222     Common::MakeShared<IdmGetCredInfoCallbackService>(Common::MakeShared<DummyGetCredentialInfoCallback>());
223 
224 auto g_IdmGetSecureUserInfoCallbackService =
225     Common::MakeShared<IdmGetSecureUserInfoCallbackService>(Common::MakeShared<DummyGetSecUserInfoCallback>());
226 
FuzzIdmCallbackServiceOnResult(Parcel & parcel)227 void FuzzIdmCallbackServiceOnResult(Parcel &parcel)
228 {
229     IAM_LOGI("start");
230     int32_t result = parcel.ReadInt32();
231     std::vector<uint8_t> attr;
232     Common::FillFuzzUint8Vector(parcel, attr);
233     Attributes extraInfo(attr);
234     if (g_IdmCallbackService != nullptr) {
235         g_IdmCallbackService->OnResult(result, extraInfo.Serialize());
236     }
237     IAM_LOGI("end");
238 }
239 
FuzzIdmCallbackServiceOnAcquireInfo(Parcel & parcel)240 void FuzzIdmCallbackServiceOnAcquireInfo(Parcel &parcel)
241 {
242     IAM_LOGI("start");
243     int32_t module = parcel.ReadInt32();
244     int32_t acquireInfo = parcel.ReadInt32();
245     std::vector<uint8_t> attr;
246     Common::FillFuzzUint8Vector(parcel, attr);
247     Attributes extraInfo(attr);
248     if (g_IdmCallbackService != nullptr) {
249         g_IdmCallbackService->OnAcquireInfo(module, acquireInfo, extraInfo.Serialize());
250     }
251     IAM_LOGI("end");
252 }
253 
FuzzCallbackServiceOnCredentialInfos(Parcel & parcel)254 void FuzzCallbackServiceOnCredentialInfos(Parcel &parcel)
255 {
256     IAM_LOGI("start");
257     IpcCredentialInfo info = {};
258     info.authType = static_cast<AuthType>(parcel.ReadInt32());
259     info.credentialId = parcel.ReadUint64();
260     info.templateId = parcel.ReadUint64();
261     info.pinType = static_cast<PinSubType>(parcel.ReadInt32());
262     std::vector<IpcCredentialInfo> credInfoList = {info};
263     int32_t result = parcel.ReadInt32();
264     if (g_IdmGetCredInfoCallbackService != nullptr) {
265         g_IdmGetCredInfoCallbackService->OnCredentialInfos(result, credInfoList);
266     }
267     IAM_LOGI("end");
268 }
269 
FuzzCallbackServiceOnSecureUserInfo(Parcel & parcel)270 void FuzzCallbackServiceOnSecureUserInfo(Parcel &parcel)
271 {
272     IAM_LOGI("start");
273     IpcSecUserInfo secUserInfo = {};
274     secUserInfo.secureUid = parcel.ReadUint64();
275     IpcEnrolledInfo info = {};
276     info.authType = parcel.ReadInt32();
277     info.enrolledId = parcel.ReadUint64();
278     secUserInfo.enrolledInfo.push_back(info);
279     int32_t result = parcel.ReadInt32();
280 
281     if (g_IdmGetSecureUserInfoCallbackService != nullptr) {
282         g_IdmGetSecureUserInfoCallbackService->OnSecureUserInfo(result, secUserInfo);
283     }
284     IAM_LOGI("end");
285 }
286 
FuzzClientGetCredentialInfoSync(Parcel & parcel)287 void FuzzClientGetCredentialInfoSync(Parcel &parcel)
288 {
289     IAM_LOGI("start");
290     int32_t userId = parcel.ReadInt32();
291     auto authType = static_cast<AuthType>(parcel.ReadInt32());
292     std::vector<CredentialInfo> credentialInfoList;
293     UserIdmClient::GetInstance().GetCredentialInfoSync(userId, authType, credentialInfoList);
294     IAM_LOGI("end");
295 }
296 
297 
298 using FuzzFunc = decltype(FuzzClientOpenSession);
299 FuzzFunc *g_fuzzFuncs[] = {
300     FuzzClientOpenSession,
301     FuzzClientCloseSession,
302     FuzzClientAddCredential,
303     FuzzClientUpdateCredential,
304     FuzzClientCancel,
305     FuzzClientDeleteCredential,
306     FuzzClientDeleteUser,
307     FuzzClientEraseUser,
308     FuzzClientGetCredentialInfo,
309     FuzzClientGetSecUserInfo,
310     FuzzIdmCallbackServiceOnResult,
311     FuzzIdmCallbackServiceOnAcquireInfo,
312     FuzzCallbackServiceOnCredentialInfos,
313     FuzzCallbackServiceOnSecureUserInfo,
314     FuzzClientClearRedundancyCredential,
315     FuzzClientRegistCredChangeEventListener,
316     FuzzClientUnRegistCredChangeEventListener,
317     FuzzClientGetCredentialInfoSync,
318 };
319 
UserIdmClientFuzzTest(const uint8_t * data,size_t size)320 void UserIdmClientFuzzTest(const uint8_t *data, size_t size)
321 {
322     Parcel parcel;
323     parcel.WriteBuffer(data, size);
324     parcel.RewindRead(0);
325     uint32_t index = parcel.ReadUint32() % (sizeof(g_fuzzFuncs) / sizeof(FuzzFunc *));
326     auto fuzzFunc = g_fuzzFuncs[index];
327     fuzzFunc(parcel);
328     return;
329 }
330 } // namespace
331 } // namespace UserAuth
332 } // namespace UserIam
333 } // namespace OHOS
334 
335 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)336 extern "C" int32_t LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
337 {
338     OHOS::UserIam::UserAuth::UserIdmClientFuzzTest(data, size);
339     return 0;
340 }
341