1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "user_idm_client_fuzzer.h"
17
18 #include "parcel.h"
19
20 #include "user_idm_client.h"
21 #include "user_idm_callback_service.h"
22 #include "iam_fuzz_test.h"
23 #include "iam_logger.h"
24 #include "iam_ptr.h"
25
26 #define LOG_LABEL OHOS::UserIam::Common::LABEL_USER_AUTH_SDK
27
28 namespace OHOS {
29 namespace UserIam {
30 namespace UserAuth {
31 namespace {
32 class DummyUserIdmClientCallback final : public UserIdmClientCallback {
33 public:
OnAcquireInfo(int32_t module,uint32_t acquireInfo,const Attributes & extraInfo)34 void OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo)
35 {
36 IAM_LOGI("start");
37 static_cast<void>(module);
38 static_cast<void>(acquireInfo);
39 static_cast<void>(extraInfo);
40 }
41
OnResult(int32_t result,const Attributes & extraInfo)42 void OnResult(int32_t result, const Attributes &extraInfo)
43 {
44 IAM_LOGI("start");
45 static_cast<void>(result);
46 static_cast<void>(extraInfo);
47 }
48 };
49
50 class DummyGetCredentialInfoCallback final : public GetCredentialInfoCallback {
51 public:
OnCredentialInfo(const std::vector<CredentialInfo> & infoList)52 void OnCredentialInfo(const std::vector<CredentialInfo> &infoList)
53 {
54 IAM_LOGI("start");
55 static_cast<void>(infoList);
56 }
57 };
58
59 class DummyGetSecUserInfoCallback final : public GetSecUserInfoCallback {
60 public:
OnSecUserInfo(const SecUserInfo & info)61 void OnSecUserInfo(const SecUserInfo &info)
62 {
63 IAM_LOGI("start");
64 static_cast<void>(info);
65 }
66 };
67
FuzzClientOpenSession(Parcel & parcel)68 void FuzzClientOpenSession(Parcel &parcel)
69 {
70 IAM_LOGI("start");
71 int32_t userId = parcel.ReadInt32();
72 UserIdmClient::GetInstance().OpenSession(userId);
73 IAM_LOGI("end");
74 }
75
FuzzClientCloseSession(Parcel & parcel)76 void FuzzClientCloseSession(Parcel &parcel)
77 {
78 IAM_LOGI("start");
79 int32_t userId = parcel.ReadInt32();
80 UserIdmClient::GetInstance().CloseSession(userId);
81 IAM_LOGI("end");
82 }
83
FuzzClientAddCredential(Parcel & parcel)84 void FuzzClientAddCredential(Parcel &parcel)
85 {
86 IAM_LOGI("start");
87 int32_t userId = parcel.ReadInt32();
88 CredentialParameters para = {};
89 para.authType = static_cast<AuthType>(parcel.ReadInt32());
90 Common::FillFuzzUint8Vector(parcel, para.token);
91 auto callback = Common::MakeShared<DummyUserIdmClientCallback>();
92 UserIdmClient::GetInstance().AddCredential(userId, para, callback);
93 IAM_LOGI("end");
94 }
95
FuzzClientUpdateCredential(Parcel & parcel)96 void FuzzClientUpdateCredential(Parcel &parcel)
97 {
98 IAM_LOGI("start");
99 int32_t userId = parcel.ReadInt32();
100 CredentialParameters para = {};
101 para.authType = static_cast<AuthType>(parcel.ReadInt32());
102 Common::FillFuzzUint8Vector(parcel, para.token);
103 auto callback = Common::MakeShared<DummyUserIdmClientCallback>();
104 UserIdmClient::GetInstance().UpdateCredential(userId, para, callback);
105 IAM_LOGI("end");
106 }
107
FuzzClientCancel(Parcel & parcel)108 void FuzzClientCancel(Parcel &parcel)
109 {
110 IAM_LOGI("start");
111 int32_t userId = parcel.ReadInt32();
112 UserIdmClient::GetInstance().Cancel(userId);
113 IAM_LOGI("end");
114 }
115
FuzzClientDeleteCredential(Parcel & parcel)116 void FuzzClientDeleteCredential(Parcel &parcel)
117 {
118 IAM_LOGI("start");
119 int32_t userId = parcel.ReadInt32();
120 uint64_t credentialId = parcel.ReadUint64();
121 std::vector<uint8_t> authToken;
122 Common::FillFuzzUint8Vector(parcel, authToken);
123 auto callback = Common::MakeShared<DummyUserIdmClientCallback>();
124 UserIdmClient::GetInstance().DeleteCredential(userId, credentialId, authToken, callback);
125 IAM_LOGI("end");
126 }
127
FuzzClientDeleteUser(Parcel & parcel)128 void FuzzClientDeleteUser(Parcel &parcel)
129 {
130 IAM_LOGI("start");
131 int32_t userId = parcel.ReadInt32();
132 std::vector<uint8_t> authToken;
133 Common::FillFuzzUint8Vector(parcel, authToken);
134 auto callback = Common::MakeShared<DummyUserIdmClientCallback>();
135 UserIdmClient::GetInstance().DeleteUser(userId, authToken, callback);
136 IAM_LOGI("end");
137 }
138
FuzzClientEraseUser(Parcel & parcel)139 void FuzzClientEraseUser(Parcel &parcel)
140 {
141 IAM_LOGI("start");
142 int32_t userId = parcel.ReadInt32();
143 auto callback = Common::MakeShared<DummyUserIdmClientCallback>();
144 UserIdmClient::GetInstance().EraseUser(userId, callback);
145 IAM_LOGI("end");
146 }
147
FuzzClientGetCredentialInfo(Parcel & parcel)148 void FuzzClientGetCredentialInfo(Parcel &parcel)
149 {
150 IAM_LOGI("start");
151 int32_t userId = parcel.ReadInt32();
152 auto authType = static_cast<AuthType>(parcel.ReadInt32());
153 auto callback = Common::MakeShared<DummyGetCredentialInfoCallback>();
154 UserIdmClient::GetInstance().GetCredentialInfo(userId, authType, callback);
155 IAM_LOGI("end");
156 }
157
FuzzClientGetSecUserInfo(Parcel & parcel)158 void FuzzClientGetSecUserInfo(Parcel &parcel)
159 {
160 IAM_LOGI("start");
161 int32_t userId = parcel.ReadInt32();
162 auto callback = Common::MakeShared<DummyGetSecUserInfoCallback>();
163 UserIdmClient::GetInstance().GetSecUserInfo(userId, callback);
164 IAM_LOGI("end");
165 }
166
167 auto g_IdmCallbackService =
168 Common::MakeShared<IdmCallbackService>(Common::MakeShared<DummyUserIdmClientCallback>());
169
170 auto g_IdmGetCredInfoCallbackService =
171 Common::MakeShared<IdmGetCredInfoCallbackService>(Common::MakeShared<DummyGetCredentialInfoCallback>());
172
173 auto g_IdmGetSecureUserInfoCallbackService =
174 Common::MakeShared<IdmGetSecureUserInfoCallbackService>(Common::MakeShared<DummyGetSecUserInfoCallback>());
175
FuzzIdmCallbackServiceOnResult(Parcel & parcel)176 void FuzzIdmCallbackServiceOnResult(Parcel &parcel)
177 {
178 IAM_LOGI("start");
179 int32_t result = parcel.ReadInt32();
180 std::vector<uint8_t> attr;
181 Common::FillFuzzUint8Vector(parcel, attr);
182 Attributes extraInfo(attr);
183 if (g_IdmCallbackService != nullptr) {
184 g_IdmCallbackService->OnResult(result, extraInfo);
185 }
186 IAM_LOGI("end");
187 }
188
FuzzIdmCallbackServiceOnAcquireInfo(Parcel & parcel)189 void FuzzIdmCallbackServiceOnAcquireInfo(Parcel &parcel)
190 {
191 IAM_LOGI("start");
192 int32_t module = parcel.ReadInt32();
193 int32_t acquireInfo = parcel.ReadInt32();
194 std::vector<uint8_t> attr;
195 Common::FillFuzzUint8Vector(parcel, attr);
196 Attributes extraInfo(attr);
197 if (g_IdmCallbackService != nullptr) {
198 g_IdmCallbackService->OnAcquireInfo(module, acquireInfo, extraInfo);
199 }
200 IAM_LOGI("end");
201 }
202
FuzzCallbackServiceOnCredentialInfos(Parcel & parcel)203 void FuzzCallbackServiceOnCredentialInfos(Parcel &parcel)
204 {
205 IAM_LOGI("start");
206 CredentialInfo info = {};
207 info.authType = static_cast<AuthType>(parcel.ReadInt32());
208 info.credentialId = parcel.ReadUint64();
209 info.templateId = parcel.ReadUint64();
210 info.pinType = static_cast<PinSubType>(parcel.ReadInt32());
211 std::vector<CredentialInfo> credInfoList = {info};
212
213 if (g_IdmGetCredInfoCallbackService != nullptr) {
214 g_IdmGetCredInfoCallbackService->OnCredentialInfos(credInfoList);
215 }
216 IAM_LOGI("end");
217 }
218
FuzzCallbackServiceOnSecureUserInfo(Parcel & parcel)219 void FuzzCallbackServiceOnSecureUserInfo(Parcel &parcel)
220 {
221 IAM_LOGI("start");
222 SecUserInfo secUserInfo = {};
223 secUserInfo.secureUid = parcel.ReadUint64();
224 EnrolledInfo info = {};
225 info.authType = static_cast<AuthType>(parcel.ReadInt32());
226 info.enrolledId = parcel.ReadUint64();
227 secUserInfo.enrolledInfo = {info};
228
229 if (g_IdmGetSecureUserInfoCallbackService != nullptr) {
230 g_IdmGetSecureUserInfoCallbackService->OnSecureUserInfo(secUserInfo);
231 }
232 IAM_LOGI("end");
233 }
234
235 using FuzzFunc = decltype(FuzzClientOpenSession);
236 FuzzFunc *g_fuzzFuncs[] = {
237 FuzzClientOpenSession,
238 FuzzClientCloseSession,
239 FuzzClientAddCredential,
240 FuzzClientUpdateCredential,
241 FuzzClientCancel,
242 FuzzClientDeleteCredential,
243 FuzzClientDeleteUser,
244 FuzzClientEraseUser,
245 FuzzClientGetCredentialInfo,
246 FuzzClientGetSecUserInfo,
247 FuzzIdmCallbackServiceOnResult,
248 FuzzIdmCallbackServiceOnAcquireInfo,
249 FuzzCallbackServiceOnCredentialInfos,
250 FuzzCallbackServiceOnSecureUserInfo,
251 };
252
UserIdmClientFuzzTest(const uint8_t * data,size_t size)253 void UserIdmClientFuzzTest(const uint8_t *data, size_t size)
254 {
255 Parcel parcel;
256 parcel.WriteBuffer(data, size);
257 parcel.RewindRead(0);
258 uint32_t index = parcel.ReadUint32() % (sizeof(g_fuzzFuncs) / sizeof(FuzzFunc *));
259 auto fuzzFunc = g_fuzzFuncs[index];
260 fuzzFunc(parcel);
261 return;
262 }
263 } // namespace
264 } // namespace UserAuth
265 } // namespace UserIam
266 } // namespace OHOS
267
268 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)269 extern "C" int32_t LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
270 {
271 OHOS::UserIam::UserAuth::UserIdmClientFuzzTest(data, size);
272 return 0;
273 }
274