1 /*
2 * Copyright (c) 2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include <fuzzer/FuzzedDataProvider.h>
16 #include <vector>
17
18 #include "auth_confirm_fuzzer.h"
19
20 #include "auth_manager.h"
21 #include "deviceprofile_connector.h"
22 #include "device_manager_service_listener.h"
23 #include "dm_anonymous.h"
24 #include "dm_auth_context.h"
25 #include "dm_auth_manager_base.h"
26 #include "dm_auth_message_processor.h"
27 #include "dm_auth_state_machine.h"
28 #include "dm_constants.h"
29 #include "dm_crypto.h"
30 #include "dm_log.h"
31
32
33 namespace OHOS {
34 namespace DistributedHardware {
35
36 class FuzzTestContext {
37 public:
FuzzTestContext()38 FuzzTestContext()
39 {
40 softbusConnector = std::make_shared<SoftbusConnector>();
41 listener = std::make_shared<DeviceManagerServiceListener>();
42 hiChainAuthConnector = std::make_shared<HiChainAuthConnector>();
43 hiChainConnector = std::make_shared<HiChainConnector>();
44 authManager = std::make_shared<AuthSrcManager>(
45 softbusConnector, hiChainConnector, listener, hiChainAuthConnector);
46 context_ = authManager->GetAuthContext();
47
48 // 初始化状态机相关对象
49 authSrcConfirmState_ = std::make_shared<AuthSrcConfirmState>();
50 authSinkConfirmState_ = std::make_shared<AuthSinkConfirmState>();
51 authSinkStatePinAuthComm_ = std::make_shared<AuthSinkStatePinAuthComm>();
52 authSrcPinAuthStartState_ = std::make_shared<AuthSrcPinAuthStartState>();
53 authSinkPinAuthStartState_ = std::make_shared<AuthSinkPinAuthStartState>();
54 authSrcPinAuthMsgNegotiateState_ = std::make_shared<AuthSrcPinAuthMsgNegotiateState>();
55 authSinkPinAuthMsgNegotiateState_ = std::make_shared<AuthSinkPinAuthMsgNegotiateState>();
56 authSinkPinAuthDoneState_ = std::make_shared<AuthSinkPinAuthDoneState>();
57 authSrcPinAuthDoneState_ = std::make_shared<AuthSrcPinAuthDoneState>();
58 authSrcPinNegotiateStartState_ = std::make_shared<AuthSrcPinNegotiateStartState>();
59 authSrcPinInputState_ = std::make_shared<AuthSrcPinInputState>();
60 authSinkPinNegotiateStartState_ = std::make_shared<AuthSinkPinNegotiateStartState>();
61 authSinkPinDisplayState_ = std::make_shared<AuthSinkPinDisplayState>();
62 authSrcReverseUltrasonicStartState_ = std::make_shared<AuthSrcReverseUltrasonicStartState>();
63 authSrcReverseUltrasonicDoneState_ = std::make_shared<AuthSrcReverseUltrasonicDoneState>();
64 authSrcForwardUltrasonicStartState_ = std::make_shared<AuthSrcForwardUltrasonicStartState>();
65 authSrcForwardUltrasonicDoneState_ = std::make_shared<AuthSrcForwardUltrasonicDoneState>();
66 authSinkReverseUltrasonicStartState_ = std::make_shared<AuthSinkReverseUltrasonicStartState>();
67 authSinkReverseUltrasonicDoneState_ = std::make_shared<AuthSinkReverseUltrasonicDoneState>();
68 authSinkForwardUltrasonicStartState_ = std::make_shared<AuthSinkForwardUltrasonicStartState>();
69 authSinkForwardUltrasonicDoneState_ = std::make_shared<AuthSinkForwardUltrasonicDoneState>();
70 authSrcCredentialAuthNegotiateState_ = std::make_shared<AuthSrcCredentialAuthNegotiateState>();
71 authSrcCredentialAuthDoneState_ = std::make_shared<AuthSrcCredentialAuthDoneState>();
72 authSinkCredentialAuthStartState_ = std::make_shared<AuthSinkCredentialAuthStartState>();
73 authSinkCredentialAuthNegotiateState_ = std::make_shared<AuthSinkCredentialAuthNegotiateState>();
74 authSrcCredentialExchangeState_ = std::make_shared<AuthSrcCredentialExchangeState>();
75 authSinkCredentialExchangeState_ = std::make_shared<AuthSinkCredentialExchangeState>();
76 authSrcCredentialAuthStartState_ = std::make_shared<AuthSrcCredentialAuthStartState>();
77 authSrcStartState_ = std::make_shared<AuthSrcStartState>();
78 authSrcNegotiateStateMachine_ = std::make_shared<AuthSrcNegotiateStateMachine>();
79 authSinkNegotiateStateMachine_ = std::make_shared<AuthSinkNegotiateStateMachine>();
80 }
81
~FuzzTestContext()82 ~FuzzTestContext()
83 {
84 authSrcNegotiateStateMachine_.reset();
85 authSinkNegotiateStateMachine_.reset();
86
87 authSrcConfirmState_.reset();
88 authSinkConfirmState_.reset();
89 authSinkStatePinAuthComm_.reset();
90 authSrcPinAuthStartState_.reset();
91 authSinkPinAuthStartState_.reset();
92 authSrcPinAuthMsgNegotiateState_.reset();
93 authSinkPinAuthMsgNegotiateState_.reset();
94 authSinkPinAuthDoneState_.reset();
95 authSrcPinAuthDoneState_.reset();
96 authSrcPinNegotiateStartState_.reset();
97 authSrcPinInputState_.reset();
98 authSinkPinNegotiateStartState_.reset();
99 authSinkPinDisplayState_.reset();
100 authSrcReverseUltrasonicStartState_.reset();
101 authSrcReverseUltrasonicDoneState_.reset();
102 authSrcForwardUltrasonicStartState_.reset();
103 authSrcForwardUltrasonicDoneState_.reset();
104 authSinkReverseUltrasonicStartState_.reset();
105 authSinkReverseUltrasonicDoneState_.reset();
106 authSinkForwardUltrasonicStartState_.reset();
107 authSinkForwardUltrasonicDoneState_.reset();
108 authSrcCredentialAuthNegotiateState_.reset();
109 authSrcCredentialAuthDoneState_.reset();
110 authSinkCredentialAuthStartState_.reset();
111 authSinkCredentialAuthNegotiateState_.reset();
112 authSrcCredentialExchangeState_.reset();
113 authSinkCredentialExchangeState_.reset();
114 authSrcCredentialAuthStartState_.reset();
115 authSrcStartState_.reset();
116 context_.reset();
117 authManager.reset();
118 }
119
120 public:
121 std::shared_ptr<SoftbusConnector> softbusConnector;
122 std::shared_ptr<IDeviceManagerServiceListener> listener;
123 std::shared_ptr<HiChainAuthConnector> hiChainAuthConnector;
124 std::shared_ptr<HiChainConnector> hiChainConnector;
125 std::shared_ptr<AuthManager> authManager;
126 std::shared_ptr<DmAuthContext> context_;
127
128 std::shared_ptr<AuthSrcConfirmState> authSrcConfirmState_;
129 std::shared_ptr<AuthSinkConfirmState> authSinkConfirmState_;
130 std::shared_ptr<AuthSinkStatePinAuthComm> authSinkStatePinAuthComm_;
131 std::shared_ptr<AuthSrcPinAuthStartState> authSrcPinAuthStartState_;
132 std::shared_ptr<AuthSinkPinAuthStartState> authSinkPinAuthStartState_;
133 std::shared_ptr<AuthSrcPinAuthMsgNegotiateState> authSrcPinAuthMsgNegotiateState_;
134 std::shared_ptr<AuthSinkPinAuthMsgNegotiateState> authSinkPinAuthMsgNegotiateState_;
135 std::shared_ptr<AuthSinkPinAuthDoneState> authSinkPinAuthDoneState_;
136 std::shared_ptr<AuthSrcPinAuthDoneState> authSrcPinAuthDoneState_;
137 std::shared_ptr<AuthSrcPinNegotiateStartState> authSrcPinNegotiateStartState_;
138 std::shared_ptr<AuthSrcPinInputState> authSrcPinInputState_;
139 std::shared_ptr<AuthSinkPinNegotiateStartState> authSinkPinNegotiateStartState_;
140 std::shared_ptr<AuthSinkPinDisplayState> authSinkPinDisplayState_;
141 std::shared_ptr<AuthSrcReverseUltrasonicStartState> authSrcReverseUltrasonicStartState_;
142 std::shared_ptr<AuthSrcReverseUltrasonicDoneState> authSrcReverseUltrasonicDoneState_;
143 std::shared_ptr<AuthSrcForwardUltrasonicStartState> authSrcForwardUltrasonicStartState_;
144 std::shared_ptr<AuthSrcForwardUltrasonicDoneState> authSrcForwardUltrasonicDoneState_;
145 std::shared_ptr<AuthSinkReverseUltrasonicStartState> authSinkReverseUltrasonicStartState_;
146 std::shared_ptr<AuthSinkReverseUltrasonicDoneState> authSinkReverseUltrasonicDoneState_;
147 std::shared_ptr<AuthSinkForwardUltrasonicStartState> authSinkForwardUltrasonicStartState_;
148 std::shared_ptr<AuthSinkForwardUltrasonicDoneState> authSinkForwardUltrasonicDoneState_;
149 std::shared_ptr<AuthSrcCredentialAuthNegotiateState> authSrcCredentialAuthNegotiateState_;
150 std::shared_ptr<AuthSrcCredentialAuthDoneState> authSrcCredentialAuthDoneState_;
151 std::shared_ptr<AuthSinkCredentialAuthStartState> authSinkCredentialAuthStartState_;
152 std::shared_ptr<AuthSinkCredentialAuthNegotiateState> authSinkCredentialAuthNegotiateState_;
153 std::shared_ptr<AuthSrcCredentialExchangeState> authSrcCredentialExchangeState_;
154 std::shared_ptr<AuthSinkCredentialExchangeState> authSinkCredentialExchangeState_;
155 std::shared_ptr<AuthSrcCredentialAuthStartState> authSrcCredentialAuthStartState_;
156 std::shared_ptr<AuthSrcStartState> authSrcStartState_;
157 std::shared_ptr<AuthSrcNegotiateStateMachine> authSrcNegotiateStateMachine_;
158 std::shared_ptr<AuthSinkNegotiateStateMachine> authSinkNegotiateStateMachine_;
159 };
160
161
GenerateStrings(std::vector<std::string> & strings,FuzzedDataProvider & fdp)162 void GenerateStrings(std::vector<std::string> &strings, FuzzedDataProvider &fdp)
163 {
164 size_t vectorSize = fdp.ConsumeIntegralInRange<size_t>(2, 10);
165
166 for (size_t i = 0; i < vectorSize; ++i) {
167 size_t strLen = fdp.ConsumeIntegralInRange<size_t>(0, 50);
168 strings.push_back(fdp.ConsumeBytesAsString(strLen));
169 }
170 }
171
GenerateJsonObject(JsonObject & jsonObject,FuzzedDataProvider & fdp)172 void GenerateJsonObject(JsonObject &jsonObject, FuzzedDataProvider &fdp)
173 {
174 jsonObject[TAG_DATA] = fdp.ConsumeRandomLengthString();
175 jsonObject[TAG_PEER_PKG_NAME] = fdp.ConsumeRandomLengthString();
176 jsonObject[TAG_DM_VERSION_V2] = fdp.ConsumeRandomLengthString();
177 jsonObject[TAG_USER_ID] = fdp.ConsumeRandomLengthString();
178 jsonObject[TAG_DEVICE_ID_HASH] = fdp.ConsumeRandomLengthString();
179 jsonObject[TAG_ACCOUNT_ID_HASH] = fdp.ConsumeRandomLengthString();
180 jsonObject[TAG_TOKEN_ID_HASH] = fdp.ConsumeRandomLengthString();
181 jsonObject[TAG_BUNDLE_NAME_V2] = fdp.ConsumeRandomLengthString();
182 jsonObject[TAG_EXTRA_INFO] = fdp.ConsumeRandomLengthString();
183 jsonObject[TAG_PEER_BUNDLE_NAME_V2] = fdp.ConsumeRandomLengthString();
184 jsonObject[DM_TAG_LOGICAL_SESSION_ID] = fdp.ConsumeIntegral<uint64_t>();
185 jsonObject[TAG_PEER_DISPLAY_ID] = fdp.ConsumeIntegral<int32_t>();
186 jsonObject[DM_BUSINESS_ID] = fdp.ConsumeRandomLengthString();
187 }
188
ActionFuzzTest(FuzzTestContext & ctx)189 void ActionFuzzTest(FuzzTestContext &ctx)
190 {
191 ctx.authSrcPinAuthStartState_->Action(ctx.context_);
192 ctx.authSinkPinAuthStartState_->Action(ctx.context_);
193 ctx.authSrcPinAuthMsgNegotiateState_->Action(ctx.context_);
194 ctx.authSinkPinAuthMsgNegotiateState_->Action(ctx.context_);
195 ctx.authSinkPinAuthDoneState_->Action(ctx.context_);
196 ctx.authSrcPinAuthDoneState_->Action(ctx.context_);
197 ctx.authSrcPinNegotiateStartState_->Action(ctx.context_);
198 ctx.authSinkPinNegotiateStartState_->Action(ctx.context_);
199 ctx.authSinkPinDisplayState_->Action(ctx.context_);
200 ctx.authSrcReverseUltrasonicStartState_->Action(ctx.context_);
201 ctx.authSrcReverseUltrasonicDoneState_->Action(ctx.context_);
202 ctx.authSrcForwardUltrasonicStartState_->Action(ctx.context_);
203 ctx.authSrcForwardUltrasonicDoneState_->Action(ctx.context_);
204 ctx.authSinkReverseUltrasonicStartState_->Action(ctx.context_);
205 ctx.authSinkReverseUltrasonicDoneState_->Action(ctx.context_);
206 ctx.authSinkForwardUltrasonicStartState_->Action(ctx.context_);
207 ctx.authSinkForwardUltrasonicDoneState_->Action(ctx.context_);
208 ctx.authSrcCredentialAuthNegotiateState_->Action(ctx.context_);
209 ctx.authSrcCredentialAuthDoneState_->Action(ctx.context_);
210 ctx.authSinkCredentialAuthStartState_->Action(ctx.context_);
211 ctx.authSinkCredentialAuthNegotiateState_->Action(ctx.context_);
212 ctx.authSrcCredentialExchangeState_->Action(ctx.context_);
213 ctx.authSinkCredentialExchangeState_->Action(ctx.context_);
214 ctx.authSrcCredentialAuthStartState_->Action(ctx.context_);
215 ctx.authSrcConfirmState_->Action(ctx.context_);
216 ctx.authSinkConfirmState_->Action(ctx.context_);
217 ctx.authSrcStartState_->Action(ctx.context_);
218 ctx.authSrcNegotiateStateMachine_->Action(ctx.context_);
219 ctx.authSinkNegotiateStateMachine_->Action(ctx.context_);
220 }
221
AuthConfirmFuzzTestNext(FuzzTestContext & ctx,JsonObject & jsonObject,FuzzedDataProvider & fdp)222 void AuthConfirmFuzzTestNext(FuzzTestContext &ctx, JsonObject &jsonObject, FuzzedDataProvider &fdp)
223 {
224 DistributedDeviceProfile::Accesser accesser;
225 DistributedDeviceProfile::Accessee accessee;
226 accesser.SetAccesserExtraData(fdp.ConsumeRandomLengthString());
227 accessee.SetAccesseeExtraData(fdp.ConsumeRandomLengthString());
228 ctx.authSrcConfirmState_->NegotiateCredential(ctx.context_, jsonObject);
229 ctx.authSrcConfirmState_->NegotiateAcl(ctx.context_, jsonObject);
230 ctx.authSrcConfirmState_->GetIdenticalCredentialInfo(ctx.context_, jsonObject);
231 ctx.authSrcConfirmState_->GetShareCredentialInfo(ctx.context_, jsonObject);
232 ctx.authSrcConfirmState_->GetP2PCredentialInfo(ctx.context_, jsonObject);
233 ctx.authSinkConfirmState_->CreateProxyData(ctx.context_, jsonObject);
234 ctx.authSinkConfirmState_->NegotiateCredential(ctx.context_, jsonObject);
235 ctx.authSinkConfirmState_->NegotiateAcl(ctx.context_, jsonObject);
236 ctx.authSinkNegotiateStateMachine_->GetIdenticalCredentialInfo(ctx.context_, jsonObject);
237 ctx.authSinkNegotiateStateMachine_->GetShareCredentialInfo(ctx.context_, jsonObject);
238 ctx.authSinkNegotiateStateMachine_->GetP2PCredentialInfo(ctx.context_, jsonObject);
239 ctx.authSrcConfirmState_->GetCustomDescBySinkLanguage(ctx.context_);
240 ctx.authSinkConfirmState_->ShowConfigDialog(ctx.context_);
241 ctx.authSinkConfirmState_->ReadServiceInfo(ctx.context_);
242 ctx.authSinkConfirmState_->ProcessBindAuthorize(ctx.context_);
243 ctx.authSinkConfirmState_->ProcessNoBindAuthorize(ctx.context_);
244 ctx.authSinkStatePinAuthComm_->IsAuthCodeReady(ctx.context_);
245 ctx.authSinkStatePinAuthComm_->GeneratePincode(ctx.context_);
246 ctx.authSinkStatePinAuthComm_->ShowAuthInfoDialog(ctx.context_);
247 ctx.authSinkNegotiateStateMachine_->RespQueryAcceseeIds(ctx.context_);
248 ctx.authSinkNegotiateStateMachine_->ProcRespNegotiate5_1_0(ctx.context_);
249 ctx.authSrcConfirmState_->IdenticalAccountAclCompare(ctx.context_, accesser, accessee);
250 ctx.authSrcConfirmState_->ShareAclCompare(ctx.context_, accesser, accessee);
251 ctx.authSrcConfirmState_->Point2PointAclCompare(ctx.context_, accesser, accessee);
252 ctx.authSrcConfirmState_->LnnAclCompare(ctx.context_, accesser, accessee);
253 ctx.authSinkNegotiateStateMachine_->IdenticalAccountAclCompare(ctx.context_, accesser, accessee);
254 ctx.authSinkNegotiateStateMachine_->ShareAclCompare(ctx.context_, accesser, accessee);
255 ctx.authSinkNegotiateStateMachine_->Point2PointAclCompare(ctx.context_, accesser, accessee);
256 ctx.authSinkNegotiateStateMachine_->LnnAclCompare(ctx.context_, accesser, accessee);
257 ctx.authSrcPinInputState_->ShowStartAuthDialog(ctx.context_);
258 ctx.authSrcPinInputState_->Action(ctx.context_);
259 ctx.context_->importAuthCode = "123456";
260 ctx.context_->importPkgName = "pkgName";
261 ctx.authSinkStatePinAuthComm_->IsAuthCodeReady(ctx.context_);
262 ctx.authSinkStatePinAuthComm_->IsPinCodeValid(ctx.context_->importAuthCode);
263 }
264
AuthConfirmFuzzTestThird(FuzzTestContext & ctx,FuzzedDataProvider & fdp)265 void AuthConfirmFuzzTestThird(FuzzTestContext &ctx, FuzzedDataProvider &fdp)
266 {
267 std::string businessId = fdp.ConsumeRandomLengthString();
268 std::string businessValue = fdp.ConsumeRandomLengthString();
269 std::string authorizeInfo = fdp.ConsumeRandomLengthString();
270 std::vector<std::string> deleteCredInfo;
271 DistributedDeviceProfile::AccessControlProfile acl;
272 ctx.authSinkNegotiateStateMachine_->IsAntiDisturbanceMode(businessId);
273 ctx.authSinkNegotiateStateMachine_->IsAntiDisturbanceMode("");
274 ctx.authSinkNegotiateStateMachine_->ParseAndCheckAntiDisturbanceMode(businessId, businessValue);
275 businessId = "test_business_id";
276 businessValue = "{\"business_id\":\"test_business_id\",\"is_in_anti_disturbance_mode\":true}";
277 ctx.authSinkNegotiateStateMachine_->ParseAndCheckAntiDisturbanceMode(businessId, businessValue);
278 ctx.authSrcNegotiateStateMachine_->GetStateType();
279 ctx.authSrcPinAuthStartState_->GetStateType();
280 ctx.authSinkPinAuthDoneState_->GetStateType();
281 ctx.authSrcReverseUltrasonicStartState_->GetStateType();
282 ctx.authSrcForwardUltrasonicStartState_->GetStateType();
283 ctx.authSinkReverseUltrasonicStartState_->GetStateType();
284 ctx.authSinkForwardUltrasonicDoneState_->GetStateType();
285 ctx.authSrcPinNegotiateStartState_->ProcessCredAuth(ctx.context_);
286 int32_t credType = fdp.ConsumeIntegral<int32_t>();
287 ctx.authSrcPinNegotiateStartState_->GetCredIdByCredType(ctx.context_, credType);
288 ctx.context_->IsProxyBind = true;
289 ctx.authSrcConfirmState_->NegotiateProxyCredential(ctx.context_);
290 ctx.authSrcConfirmState_->NegotiateProxyAcl(ctx.context_);
291 ctx.authSrcConfirmState_->ResetBindLevel(ctx.context_);
292 ctx.authSinkConfirmState_->GetBundleLabel(ctx.context_);
293 ctx.authSinkConfirmState_->NegotiateProxyAcl(ctx.context_);
294 ctx.authSinkConfirmState_->ProcessUserAuthorize(ctx.context_);
295 ctx.authSinkConfirmState_->ProcessServerAuthorize(ctx.context_);
296 ctx.authSinkConfirmState_->NegotiateProxyCredential(ctx.context_);
297 ctx.authSrcConfirmState_->GetSrcProxyCredTypeForP2P(ctx.context_, deleteCredInfo);
298 ctx.authSinkConfirmState_->ProcessUserOption(ctx.context_, authorizeInfo);
299 ctx.authSrcConfirmState_->GetSrcProxyAclInfoForP2P(ctx.context_, acl);
300 }
301
SetupContextAndGenerateData(FuzzTestContext & ctx,FuzzedDataProvider & fdp,JsonObject & jsonObject,JsonObject & jsonObjectTwo,JsonObject & jsonObjectThree)302 void SetupContextAndGenerateData(FuzzTestContext &ctx, FuzzedDataProvider &fdp, JsonObject &jsonObject,
303 JsonObject &jsonObjectTwo, JsonObject &jsonObjectThree)
304 {
305 uint32_t bindType = fdp.ConsumeIntegralInRange<uint32_t>(0, 1024);
306 int32_t credType = fdp.ConsumeIntegral<int32_t>();
307 int32_t numpin = fdp.ConsumeIntegral<int32_t>();
308 std::string credId = fdp.ConsumeRandomLengthString();
309 std::string name = fdp.ConsumeRandomLengthString();
310 std::string strpin = fdp.ConsumeRandomLengthString();
311 bool checkResult = fdp.ConsumeBool();
312 DistributedDeviceProfile::AccessControlProfile acl;
313 DistributedDeviceProfile::Accesser accesser;
314 DistributedDeviceProfile::Accessee accessee;
315 acl.SetExtraData(fdp.ConsumeRandomLengthString());
316 accesser.SetAccesserExtraData(fdp.ConsumeRandomLengthString());
317 accessee.SetAccesseeExtraData(fdp.ConsumeRandomLengthString());
318 std::vector<std::string> deleteCredInfo;
319 GenerateStrings(deleteCredInfo, fdp);
320 ctx.context_->extraInfo = fdp.ConsumeRandomLengthString();
321 ctx.authSrcConfirmState_->GetSrcAclInfoForP2P(ctx.context_, acl, jsonObject, jsonObjectTwo);
322 ctx.authSrcConfirmState_->CheckCredIdInAcl(ctx.context_, acl, jsonObject, bindType);
323 ctx.authSrcConfirmState_->CheckCredIdInAclForP2P(ctx.context_, credId, acl, jsonObjectTwo, bindType, checkResult);
324 ctx.authSrcConfirmState_->GetSrcCredType(ctx.context_, jsonObject, jsonObjectTwo, jsonObjectThree);
325 ctx.authSrcConfirmState_->GetSrcCredTypeForP2P(ctx.context_, jsonObject, jsonObjectTwo, jsonObjectThree, credType,
326 deleteCredInfo);
327 ctx.authSinkConfirmState_->MatchFallBackCandidateList(ctx.context_, DmAuthType::AUTH_TYPE_PIN);
328 ctx.authSinkConfirmState_->GetCredIdByCredType(ctx.context_, credType);
329 ctx.authSinkStatePinAuthComm_->HandleSessionHeartbeat(ctx.context_, name);
330 ctx.authSinkStatePinAuthComm_->IsPinCodeValid(numpin);
331 ctx.authSinkStatePinAuthComm_->IsPinCodeValid(strpin);
332 ctx.authSinkNegotiateStateMachine_->GetSinkAclInfo(ctx.context_, jsonObject, jsonObjectTwo);
333 ctx.authSinkNegotiateStateMachine_->GetSinkAclInfoForP2P(ctx.context_, acl, jsonObject, jsonObjectTwo);
334 ctx.authSinkNegotiateStateMachine_->CheckCredIdInAcl(ctx.context_, acl, jsonObject, bindType);
335 ctx.authSinkNegotiateStateMachine_->CheckCredIdInAclForP2P(ctx.context_, credId, acl, jsonObject, bindType,
336 checkResult);
337 ctx.authSinkNegotiateStateMachine_->GetSinkCredType(ctx.context_, jsonObject, jsonObjectTwo, jsonObjectThree);
338 ctx.authSinkNegotiateStateMachine_->GetSinkCredTypeForP2P(ctx.context_, jsonObject, jsonObjectTwo, jsonObjectThree,
339 credType, deleteCredInfo);
340 ctx.authSrcConfirmState_->GetSrcAclInfo(ctx.context_, jsonObject, jsonObjectTwo);
341 }
342
AuthConfirmFuzzTest(const uint8_t * data,size_t size)343 void AuthConfirmFuzzTest(const uint8_t* data, size_t size)
344 {
345 if ((data == nullptr) || (size < sizeof(int32_t))) {
346 return;
347 }
348
349 FuzzTestContext ctx;
350 FuzzedDataProvider fdp(data, size);
351
352 JsonObject jsonObject;
353 JsonObject jsonObjectTwo;
354 JsonObject jsonObjectThree;
355 GenerateJsonObject(jsonObject, fdp);
356 GenerateJsonObject(jsonObjectTwo, fdp);
357 GenerateJsonObject(jsonObjectThree, fdp);
358
359 SetupContextAndGenerateData(ctx, fdp, jsonObject, jsonObjectTwo, jsonObjectThree);
360
361 ActionFuzzTest(ctx);
362 AuthConfirmFuzzTestNext(ctx, jsonObject, fdp);
363 AuthConfirmFuzzTestThird(ctx, fdp);
364 }
365 }
366 }
367
368 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)369 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
370 {
371 /* Run your code on data */
372 OHOS::DistributedHardware::AuthConfirmFuzzTest(data, size);
373
374 return 0;
375 }
376