• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "pin_auth_hdi_fuzzer.h"
17 
18 #include <cstddef>
19 #include <cstdint>
20 #include <cinttypes>
21 
22 #include "parcel.h"
23 
24 #include "iam_logger.h"
25 #include "iam_fuzz_test.h"
26 #include "executor_impl.h"
27 
28 #define LOG_LABEL OHOS::UserIam::Common::LABEL_PIN_AUTH_HDI
29 
30 #undef private
31 
32 using namespace std;
33 using namespace OHOS::UserIam::Common;
34 
35 namespace OHOS {
36 namespace HDI {
37 namespace PinAuth {
38 namespace {
39 class DummyIExecutorCallback : public IExecutorCallback {
40 public:
DummyIExecutorCallback(int32_t onResultResult,int32_t onGetDataResult)41     DummyIExecutorCallback(int32_t onResultResult, int32_t onGetDataResult)
42         : onResultResult_(onResultResult), onGetDataResult_(onGetDataResult)
43     {
44     }
45 
OnResult(int32_t result,const std::vector<uint8_t> & extraInfo)46     int32_t OnResult(int32_t result, const std::vector<uint8_t> &extraInfo) override
47     {
48         IAM_LOGI("result %{public}d extraInfo len %{public}zu", result, extraInfo.size());
49         return onResultResult_;
50     }
51 
OnGetData(uint64_t scheduleId,const std::vector<uint8_t> & salt,uint64_t authSubType)52     int32_t OnGetData(uint64_t scheduleId, const std::vector<uint8_t> &salt, uint64_t authSubType) override
53     {
54         IAM_LOGI("scheduleId %{public}" PRIu64 ", salt len %{public}zu authSubType %{public}" PRIu64,
55             scheduleId, salt.size(), authSubType);
56         return onGetDataResult_;
57     }
58 
59 private:
60     int32_t onResultResult_;
61     int32_t onGetDataResult_;
62 };
63 
64 ExecutorImpl g_executorImpl(make_shared<OHOS::UserIam::PinAuth::PinAuth>());
65 
FillFuzzExecutorInfo(Parcel & parcel,ExecutorInfo & executorInfo)66 void FillFuzzExecutorInfo(Parcel &parcel, ExecutorInfo &executorInfo)
67 {
68     executorInfo.sensorId = parcel.ReadUint16();
69     executorInfo.executorType = parcel.ReadUint32();
70     executorInfo.executorRole = static_cast<ExecutorRole>(parcel.ReadInt32());
71     executorInfo.authType = static_cast<AuthType>(parcel.ReadInt32());
72     executorInfo.esl = static_cast<ExecutorSecureLevel>(parcel.ReadInt32());
73     FillFuzzUint8Vector(parcel, executorInfo.publicKey);
74     FillFuzzUint8Vector(parcel, executorInfo.extraInfo);
75     IAM_LOGI("success");
76 }
77 
FillFuzzTemplateInfo(Parcel & parcel,TemplateInfo & templateInfo)78 void FillFuzzTemplateInfo(Parcel &parcel, TemplateInfo &templateInfo)
79 {
80     templateInfo.executorType = parcel.ReadUint32();
81     templateInfo.lockoutDuration = parcel.ReadInt32();
82     templateInfo.remainAttempts = parcel.ReadInt32();
83     FillFuzzUint8Vector(parcel, templateInfo.extraInfo);
84     IAM_LOGI("success");
85 }
86 
FillFuzzIExecutorCallback(Parcel & parcel,sptr<IExecutorCallback> & callbackObj)87 void FillFuzzIExecutorCallback(Parcel &parcel, sptr<IExecutorCallback> &callbackObj)
88 {
89     bool isNull = parcel.ReadBool();
90     if (isNull) {
91         callbackObj = nullptr;
92     } else {
93         callbackObj = new (std::nothrow) DummyIExecutorCallback(parcel.ReadInt32(), parcel.ReadInt32());
94         if (callbackObj == nullptr) {
95             IAM_LOGE("callbackObj construct fail");
96         }
97     }
98     IAM_LOGI("success");
99 }
100 
FillFuzzGetPropertyTypeVector(Parcel & parcel,std::vector<GetPropertyType> & types)101 void FillFuzzGetPropertyTypeVector(Parcel &parcel, std::vector<GetPropertyType> &types)
102 {
103     std::vector<uint32_t> propertyTypeUint32;
104     FillFuzzUint32Vector(parcel, propertyTypeUint32);
105     for (const auto& val : propertyTypeUint32) {
106         types.push_back(static_cast<GetPropertyType>(val));
107     }
108 
109     IAM_LOGI("success");
110 }
111 
FillFuzzProperty(Parcel & parcel,Property & property)112 void FillFuzzProperty(Parcel &parcel, Property &property)
113 {
114     property.authSubType = parcel.ReadUint64();
115     property.lockoutDuration = parcel.ReadInt32();
116     property.remainAttempts = parcel.ReadInt32();
117 
118     IAM_LOGI("success");
119 }
120 
FuzzGetExecutorInfo(Parcel & parcel)121 void FuzzGetExecutorInfo(Parcel &parcel)
122 {
123     IAM_LOGI("begin");
124     ExecutorInfo executorInfo;
125     FillFuzzExecutorInfo(parcel, executorInfo);
126     g_executorImpl.GetExecutorInfo(executorInfo);
127     IAM_LOGI("end");
128 }
129 
FuzzGetTemplateInfo(Parcel & parcel)130 void FuzzGetTemplateInfo(Parcel &parcel)
131 {
132     IAM_LOGI("begin");
133     uint64_t templateId = parcel.ReadUint64();
134     TemplateInfo templateInfo;
135     FillFuzzTemplateInfo(parcel, templateInfo);
136     g_executorImpl.GetTemplateInfo(templateId, templateInfo);
137     IAM_LOGI("end");
138 }
139 
FuzzOnRegisterFinish(Parcel & parcel)140 void FuzzOnRegisterFinish(Parcel &parcel)
141 {
142     IAM_LOGI("begin");
143     std::vector<uint64_t> templateIdList;
144     FillFuzzUint64Vector(parcel, templateIdList);
145     std::vector<uint8_t> frameworkPublicKey;
146     FillFuzzUint8Vector(parcel, frameworkPublicKey);
147     std::vector<uint8_t> extraInfo;
148     FillFuzzUint8Vector(parcel, extraInfo);
149     g_executorImpl.OnRegisterFinish(templateIdList, frameworkPublicKey, extraInfo);
150     IAM_LOGI("end");
151 }
152 
FuzzOnSetData(Parcel & parcel)153 void FuzzOnSetData(Parcel &parcel)
154 {
155     IAM_LOGI("begin");
156     uint64_t scheduleId = parcel.ReadUint64();
157     uint64_t authSubType = parcel.ReadUint64();
158     std::vector<uint8_t> data;
159     FillFuzzUint8Vector(parcel, data);
160     g_executorImpl.OnSetData(scheduleId, authSubType, data);
161     IAM_LOGI("end");
162 }
163 
FuzzEnroll(Parcel & parcel)164 void FuzzEnroll(Parcel &parcel)
165 {
166     IAM_LOGI("begin");
167     uint64_t scheduleId = parcel.ReadUint64();
168     std::vector<uint8_t> extraInfo;
169     FillFuzzUint8Vector(parcel, extraInfo);
170     sptr<IExecutorCallback> callbackObj;
171     FillFuzzIExecutorCallback(parcel, callbackObj);
172     g_executorImpl.Enroll(scheduleId, extraInfo, callbackObj);
173     IAM_LOGI("end");
174 }
175 
FuzzAuthenticate(Parcel & parcel)176 void FuzzAuthenticate(Parcel &parcel)
177 {
178     IAM_LOGI("begin");
179     uint64_t scheduleId = parcel.ReadUint64();
180     uint64_t templateId = parcel.ReadUint64();
181     std::vector<uint8_t> extraInfo;
182     FillFuzzUint8Vector(parcel, extraInfo);
183     sptr<IExecutorCallback> callbackObj;
184     FillFuzzIExecutorCallback(parcel, callbackObj);
185     g_executorImpl.Authenticate(scheduleId, templateId, extraInfo, callbackObj);
186     IAM_LOGI("end");
187 }
188 
FuzzDelete(Parcel & parcel)189 void FuzzDelete(Parcel &parcel)
190 {
191     IAM_LOGI("begin");
192     uint64_t templateId = parcel.ReadUint64();
193     g_executorImpl.Delete(templateId);
194     IAM_LOGI("end");
195 }
196 
FuzzCancel(Parcel & parcel)197 void FuzzCancel(Parcel &parcel)
198 {
199     IAM_LOGI("begin");
200     uint64_t scheduleId = parcel.ReadUint64();
201     g_executorImpl.Cancel(scheduleId);
202     IAM_LOGI("end");
203 }
204 
FuzzSendCommand(Parcel & parcel)205 void FuzzSendCommand(Parcel &parcel)
206 {
207     IAM_LOGI("begin");
208     int32_t commandId = parcel.ReadInt32();
209     std::vector<uint8_t> extraInfo;
210     FillFuzzUint8Vector(parcel, extraInfo);
211     sptr<IExecutorCallback> callbackObj;
212     FillFuzzIExecutorCallback(parcel, callbackObj);
213     g_executorImpl.SendCommand(commandId, extraInfo, callbackObj);
214     IAM_LOGI("end");
215 }
216 
217 
FuzzGetProperty(Parcel & parcel)218 void FuzzGetProperty(Parcel &parcel)
219 {
220     IAM_LOGI("begin");
221     std::vector<uint64_t> templateIdList;
222     FillFuzzUint64Vector(parcel, templateIdList);
223     std::vector<GetPropertyType> propertyTypes;
224     FillFuzzGetPropertyTypeVector(parcel, propertyTypes);
225     Property property;
226     FillFuzzProperty(parcel, property);
227 
228     g_executorImpl.GetProperty(templateIdList, propertyTypes, property);
229     IAM_LOGI("end");
230 }
231 
232 using FuzzFunc = decltype(FuzzGetExecutorInfo);
233 FuzzFunc *g_fuzzFuncs[] = {
234     FuzzGetExecutorInfo,
235     FuzzGetTemplateInfo,
236     FuzzOnRegisterFinish,
237     FuzzOnSetData,
238     FuzzEnroll,
239     FuzzAuthenticate,
240     FuzzDelete,
241     FuzzCancel,
242     FuzzSendCommand,
243     FuzzGetProperty,
244 };
245 
PinAuthHdiFuzzTest(const uint8_t * data,size_t size)246 void PinAuthHdiFuzzTest(const uint8_t *data, size_t size)
247 {
248     Parcel parcel;
249     parcel.WriteBuffer(data, size);
250     parcel.RewindRead(0);
251     uint32_t index = parcel.ReadUint32() % (sizeof(g_fuzzFuncs) / sizeof(FuzzFunc *));
252     auto fuzzFunc = g_fuzzFuncs[index];
253     fuzzFunc(parcel);
254     return;
255 }
256 } // namespace
257 } // namespace PinAuth
258 } // namespace HDI
259 } // namespace OHOS
260 
261 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)262 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
263 {
264     OHOS::HDI::PinAuth::PinAuthHdiFuzzTest(data, size);
265     return 0;
266 }
267