1 /*
2 * Copyright (c) 2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "dm_auth_manager_fuzzer.h"
17
18 #include <fuzzer/FuzzedDataProvider.h>
19 #include <string>
20
21 #include "auth_manager.h"
22 #include "device_manager_service_listener.h"
23 #include "dm_auth_context.h"
24 #include "dm_auth_state_machine.h"
25
26 namespace OHOS {
27 namespace DistributedHardware {
28
29 int32_t g_sessionId = 1;
30 int32_t g_sessionSide = 0;
31 int32_t g_result = 1;
32 int32_t g_authType = 1;
33 int32_t g_status = 1;
34 int32_t g_pinCode = 1;
35 int32_t g_action = 1;
36 int32_t g_userId = 1;
37 int32_t g_pageId = 1;
38 int32_t g_reason = 1;
39 int32_t g_state = 1;
40 int64_t g_requestId = 1;
41 int64_t g_operationCode = 1;
42 int64_t g_localSessionId = 1;
43
44 std::map<std::string, std::string> g_bindParam;
45 const char* PARAM_KEY_AUTH_TYPE = "AUTH_TYPE";
46 PeerTargetId g_targetId = {
47 .deviceId = "deviceId",
48 .brMac = "brMac",
49 .bleMac = "bleMac",
50 .wifiIp = "wifiIp",
51 };
52
53 // AuthSrcManager fuzz
DmAuthSrcManagerFuzzTest(const uint8_t * data,size_t size)54 void DmAuthSrcManagerFuzzTest(const uint8_t* data, size_t size)
55 {
56 if ((data == nullptr) || (size < sizeof(int32_t))) {
57 return;
58 }
59 std::shared_ptr<SoftbusConnector> softbusConnector = std::make_shared<SoftbusConnector>();
60 std::shared_ptr<IDeviceManagerServiceListener> listener = std::make_shared<DeviceManagerServiceListener>();
61 std::shared_ptr<HiChainAuthConnector> hiChainAuthConnector = std::make_shared<HiChainAuthConnector>();
62 std::shared_ptr<HiChainConnector> hiChainConnector = std::make_shared<HiChainConnector>();
63 FuzzedDataProvider fdp(data, size);
64 std::string str(reinterpret_cast<const char*>(data), size);
65 int32_t bindLevel = fdp.ConsumeIntegral<int32_t>();
66 std::shared_ptr<AuthManager> authManager = std::make_shared<AuthSrcManager>(softbusConnector, hiChainConnector,
67 listener, hiChainAuthConnector);
68
69 authManager->OnUserOperation(g_action, str);
70 authManager->BindTarget(str, g_targetId, g_bindParam, g_sessionId, g_localSessionId);
71 authManager->StopAuthenticateDevice(str);
72 authManager->ImportAuthCode(str, str);
73 authManager->RegisterUiStateCallback(str);
74 authManager->UnRegisterUiStateCallback(str);
75 authManager->UnAuthenticateDevice(str, str, bindLevel);
76 authManager->UnBindDevice(str, str, bindLevel, str);
77 authManager->HandleDeviceNotTrust(str);
78 authManager->DeleteGroup(str, str);
79 authManager->AuthDeviceTransmit(g_requestId, data, size);
80 authManager->AuthDeviceSessionKey(g_requestId, data, size);
81 char *ret = authManager->AuthDeviceRequest(g_requestId, g_operationCode, str.c_str());
82 if (ret != nullptr) {
83 free(ret);
84 ret = nullptr;
85 }
86 authManager->OnDataReceived(g_sessionId, str);
87 authManager->OnAuthDeviceDataReceived(g_sessionId, str);
88 }
89
90 // AuthSinkManager fuzz
DmAuthSinkManagerFuzzTest(const uint8_t * data,size_t size)91 void DmAuthSinkManagerFuzzTest(const uint8_t* data, size_t size)
92 {
93 if ((data == nullptr) || (size < sizeof(int32_t))) {
94 return;
95 }
96 std::shared_ptr<SoftbusConnector> softbusConnector = std::make_shared<SoftbusConnector>();
97 std::shared_ptr<IDeviceManagerServiceListener> listener = std::make_shared<DeviceManagerServiceListener>();
98 std::shared_ptr<HiChainAuthConnector> hiChainAuthConnector = std::make_shared<HiChainAuthConnector>();
99 std::shared_ptr<HiChainConnector> hiChainConnector = std::make_shared<HiChainConnector>();
100 FuzzedDataProvider fdp(data, size);
101 std::string str(reinterpret_cast<const char*>(data), size);
102 int32_t bindLevel = fdp.ConsumeIntegral<int32_t>();
103 std::shared_ptr<AuthManager> authManager = std::make_shared<AuthSinkManager>(softbusConnector, hiChainConnector,
104 listener, hiChainAuthConnector);
105
106 authManager->OnUserOperation(g_action, str);
107 authManager->BindTarget(str, g_targetId, g_bindParam, g_sessionId, g_localSessionId);
108 authManager->StopAuthenticateDevice(str);
109 authManager->ImportAuthCode(str, str);
110 authManager->RegisterUiStateCallback(str);
111 authManager->UnRegisterUiStateCallback(str);
112 authManager->UnAuthenticateDevice(str, str, bindLevel);
113 authManager->UnBindDevice(str, str, bindLevel, str);
114 authManager->HandleDeviceNotTrust(str);
115 authManager->DeleteGroup(str, str);
116 authManager->AuthDeviceTransmit(g_requestId, data, size);
117 authManager->AuthDeviceSessionKey(g_requestId, data, size);
118 char *ret = authManager->AuthDeviceRequest(g_requestId, g_operationCode, str.c_str());
119 if (ret != nullptr) {
120 free(ret);
121 ret = nullptr;
122 }
123 authManager->OnDataReceived(g_sessionId, str);
124 authManager->OnAuthDeviceDataReceived(g_sessionId, str);
125 }
126
DmAuthManagerV2FuzzTest(const uint8_t * data,size_t size)127 void DmAuthManagerV2FuzzTest(const uint8_t* data, size_t size)
128 {
129 if ((data == nullptr) || (size < sizeof(int32_t))) {
130 return;
131 }
132 std::shared_ptr<SoftbusConnector> softbusConnector = std::make_shared<SoftbusConnector>();
133 std::shared_ptr<IDeviceManagerServiceListener> listener = std::make_shared<DeviceManagerServiceListener>();
134 std::shared_ptr<HiChainAuthConnector> hiChainAuthConnector = std::make_shared<HiChainAuthConnector>();
135 std::shared_ptr<HiChainConnector> hiChainConnector = std::make_shared<HiChainConnector>();
136 FuzzedDataProvider fdp(data, size);
137 int32_t sessionId = fdp.ConsumeIntegral<int32_t>();
138 int32_t sessionSide = fdp.ConsumeIntegral<int32_t>();
139 int32_t result = fdp.ConsumeIntegral<int32_t>();
140 int64_t requestId = fdp.ConsumeIntegral<int64_t>();
141 int32_t errorCode = fdp.ConsumeIntegral<int32_t>();
142 uint64_t logicalSessionId = fdp.ConsumeIntegral<uint64_t>();
143 int32_t authType = fdp.ConsumeIntegral<int32_t>();
144 PeerTargetId targetId = {
145 .deviceId = fdp.ConsumeRandomLengthString(),
146 .brMac = fdp.ConsumeRandomLengthString(),
147 .bleMac = fdp.ConsumeRandomLengthString(),
148 .wifiIp = fdp.ConsumeRandomLengthString(),
149 .wifiPort = fdp.ConsumeIntegral<uint16_t>(),
150 };
151 std::map<std::string, std::string> bindParam = { { "key1", fdp.ConsumeRandomLengthString() },
152 { "key2", fdp.ConsumeRandomLengthString() }, { PARAM_KEY_AUTH_TYPE, "1" } };
153 std::string pkgName = fdp.ConsumeRandomLengthString();
154 std::string deviceId = fdp.ConsumeRandomLengthString();
155 std::string extra = fdp.ConsumeRandomLengthString();
156 std::shared_ptr<AuthManager> authSrcManager =
157 std::make_shared<AuthSrcManager>(softbusConnector, hiChainConnector, listener, hiChainAuthConnector);
158 std::shared_ptr<AuthManager> authSinkManager =
159 std::make_shared<AuthSinkManager>(softbusConnector, hiChainConnector, listener, hiChainAuthConnector);
160 authSrcManager->BindTarget(pkgName, targetId, bindParam, sessionId, logicalSessionId);
161 authSrcManager->GetAuthParam(pkgName, authType, deviceId, extra);
162 authSinkManager->OnSessionOpened(sessionId, sessionSide, result);
163 authSrcManager->OnSessionDisable();
164 authSrcManager->GetIsCryptoSupport();
165 authSinkManager->GetBindTargetParams(pkgName, targetId, bindParam);
166 authSinkManager->SetBindTargetParams(targetId);
167 authSinkManager->ClearSoftbusSessionCallback();
168 authSinkManager->PrepareSoftbusSessionCallback();
169 }
170 }
171 }
172
173 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)174 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
175 {
176 /* Run your code on data */
177 OHOS::DistributedHardware::DmAuthSrcManagerFuzzTest(data, size);
178 OHOS::DistributedHardware::DmAuthSinkManagerFuzzTest(data, size);
179 OHOS::DistributedHardware::DmAuthManagerV2FuzzTest(data, size);
180 return 0;
181 }