1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "pin_auth_hdi_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20 #include <cinttypes>
21
22 #include "parcel.h"
23
24 #include "iam_logger.h"
25 #include "iam_fuzz_test.h"
26 #include "executor_impl.h"
27
28 #define LOG_LABEL OHOS::UserIam::Common::LABEL_PIN_AUTH_HDI
29
30 #undef private
31
32 using namespace std;
33 using namespace OHOS::UserIam::Common;
34
35 namespace OHOS {
36 namespace HDI {
37 namespace PinAuth {
38 namespace {
39 class DummyIExecutorCallback : public IExecutorCallback {
40 public:
DummyIExecutorCallback(int32_t onResultResult,int32_t onGetDataResult,int32_t onGetDataV1Result)41 DummyIExecutorCallback(int32_t onResultResult, int32_t onGetDataResult, int32_t onGetDataV1Result)
42 : onResultResult_(onResultResult), onGetDataResult_(onGetDataResult), onGetDataV1Result_(onGetDataV1Result)
43 {
44 }
45
OnResult(int32_t result,const std::vector<uint8_t> & extraInfo)46 int32_t OnResult(int32_t result, const std::vector<uint8_t> &extraInfo) override
47 {
48 IAM_LOGI("result %{public}d extraInfo len %{public}zu", result, extraInfo.size());
49 return onResultResult_;
50 }
51
OnGetData(uint64_t scheduleId,const std::vector<uint8_t> & algoParameter,uint64_t authSubType)52 int32_t OnGetData(uint64_t scheduleId, const std::vector<uint8_t> &algoParameter, uint64_t authSubType) override
53 {
54 IAM_LOGI("scheduleId %{public}" PRIu64 ", algoParameter len %{public}zu authSubType %{public}" PRIu64,
55 scheduleId, algoParameter.size(), authSubType);
56 return onGetDataResult_;
57 }
58
OnGetDataV1_1(uint64_t scheduleId,const std::vector<uint8_t> & algoParameter,uint64_t authSubType,uint32_t algoVersion)59 int32_t OnGetDataV1_1(uint64_t scheduleId, const std::vector<uint8_t> &algoParameter, uint64_t authSubType,
60 uint32_t algoVersion) override
61 {
62 IAM_LOGI("scheduleId %{public}" PRIu64 ", algoParameter len %{public}zu authSubType %{public}" PRIu64,
63 scheduleId, algoParameter.size(), authSubType);
64 return onGetDataV1Result_;
65 }
66
67 private:
68 int32_t onResultResult_;
69 int32_t onGetDataResult_;
70 int32_t onGetDataV1Result_;
71 };
72
73 ExecutorImpl g_executorImpl(make_shared<OHOS::UserIam::PinAuth::PinAuth>());
74
FillFuzzExecutorInfo(Parcel & parcel,ExecutorInfo & executorInfo)75 void FillFuzzExecutorInfo(Parcel &parcel, ExecutorInfo &executorInfo)
76 {
77 executorInfo.sensorId = parcel.ReadUint16();
78 executorInfo.executorType = parcel.ReadUint32();
79 executorInfo.executorRole = static_cast<ExecutorRole>(parcel.ReadInt32());
80 executorInfo.authType = static_cast<AuthType>(parcel.ReadInt32());
81 executorInfo.esl = static_cast<ExecutorSecureLevel>(parcel.ReadInt32());
82 FillFuzzUint8Vector(parcel, executorInfo.publicKey);
83 FillFuzzUint8Vector(parcel, executorInfo.extraInfo);
84 IAM_LOGI("success");
85 }
86
FillFuzzTemplateInfo(Parcel & parcel,TemplateInfo & templateInfo)87 void FillFuzzTemplateInfo(Parcel &parcel, TemplateInfo &templateInfo)
88 {
89 templateInfo.executorType = parcel.ReadUint32();
90 templateInfo.lockoutDuration = parcel.ReadInt32();
91 templateInfo.remainAttempts = parcel.ReadInt32();
92 FillFuzzUint8Vector(parcel, templateInfo.extraInfo);
93 IAM_LOGI("success");
94 }
95
FillFuzzIExecutorCallback(Parcel & parcel,sptr<IExecutorCallback> & callbackObj)96 void FillFuzzIExecutorCallback(Parcel &parcel, sptr<IExecutorCallback> &callbackObj)
97 {
98 bool isNull = parcel.ReadBool();
99 if (isNull) {
100 callbackObj = nullptr;
101 } else {
102 callbackObj = new (std::nothrow) DummyIExecutorCallback(parcel.ReadInt32(),
103 parcel.ReadInt32(), parcel.ReadInt32());
104 if (callbackObj == nullptr) {
105 IAM_LOGE("callbackObj construct fail");
106 }
107 }
108 IAM_LOGI("success");
109 }
110
FillFuzzGetPropertyTypeVector(Parcel & parcel,std::vector<GetPropertyType> & types)111 void FillFuzzGetPropertyTypeVector(Parcel &parcel, std::vector<GetPropertyType> &types)
112 {
113 std::vector<uint32_t> propertyTypeUint32;
114 FillFuzzUint32Vector(parcel, propertyTypeUint32);
115 for (const auto& val : propertyTypeUint32) {
116 types.push_back(static_cast<GetPropertyType>(val));
117 }
118
119 IAM_LOGI("success");
120 }
121
FillFuzzProperty(Parcel & parcel,Property & property)122 void FillFuzzProperty(Parcel &parcel, Property &property)
123 {
124 property.authSubType = parcel.ReadUint64();
125 property.lockoutDuration = parcel.ReadInt32();
126 property.remainAttempts = parcel.ReadInt32();
127
128 IAM_LOGI("success");
129 }
130
FuzzGetExecutorInfo(Parcel & parcel)131 void FuzzGetExecutorInfo(Parcel &parcel)
132 {
133 IAM_LOGI("begin");
134 ExecutorInfo executorInfo;
135 FillFuzzExecutorInfo(parcel, executorInfo);
136 g_executorImpl.GetExecutorInfo(executorInfo);
137 IAM_LOGI("end");
138 }
139
FuzzGetTemplateInfo(Parcel & parcel)140 void FuzzGetTemplateInfo(Parcel &parcel)
141 {
142 IAM_LOGI("begin");
143 uint64_t templateId = parcel.ReadUint64();
144 TemplateInfo templateInfo;
145 FillFuzzTemplateInfo(parcel, templateInfo);
146 g_executorImpl.GetTemplateInfo(templateId, templateInfo);
147 IAM_LOGI("end");
148 }
149
FuzzOnRegisterFinish(Parcel & parcel)150 void FuzzOnRegisterFinish(Parcel &parcel)
151 {
152 IAM_LOGI("begin");
153 std::vector<uint64_t> templateIdList;
154 FillFuzzUint64Vector(parcel, templateIdList);
155 std::vector<uint8_t> frameworkPublicKey;
156 FillFuzzUint8Vector(parcel, frameworkPublicKey);
157 std::vector<uint8_t> extraInfo;
158 FillFuzzUint8Vector(parcel, extraInfo);
159 g_executorImpl.OnRegisterFinish(templateIdList, frameworkPublicKey, extraInfo);
160 IAM_LOGI("end");
161 }
162
FuzzOnSetData(Parcel & parcel)163 void FuzzOnSetData(Parcel &parcel)
164 {
165 IAM_LOGI("begin");
166 uint64_t scheduleId = parcel.ReadUint64();
167 uint64_t authSubType = parcel.ReadUint64();
168 std::vector<uint8_t> data;
169 FillFuzzUint8Vector(parcel, data);
170 g_executorImpl.OnSetData(scheduleId, authSubType, data);
171 IAM_LOGI("end");
172 }
173
FuzzEnroll(Parcel & parcel)174 void FuzzEnroll(Parcel &parcel)
175 {
176 IAM_LOGI("begin");
177 uint64_t scheduleId = parcel.ReadUint64();
178 std::vector<uint8_t> extraInfo;
179 FillFuzzUint8Vector(parcel, extraInfo);
180 sptr<IExecutorCallback> callbackObj;
181 FillFuzzIExecutorCallback(parcel, callbackObj);
182 g_executorImpl.Enroll(scheduleId, extraInfo, callbackObj);
183 IAM_LOGI("end");
184 }
185
FuzzEnrollV1_1(Parcel & parcel)186 void FuzzEnrollV1_1(Parcel &parcel)
187 {
188 IAM_LOGI("begin");
189 uint64_t scheduleId = parcel.ReadUint64();
190 std::vector<uint8_t> extraInfo;
191 FillFuzzUint8Vector(parcel, extraInfo);
192 sptr<IExecutorCallback> callbackObj;
193 FillFuzzIExecutorCallback(parcel, callbackObj);
194 g_executorImpl.EnrollV1_1(scheduleId, extraInfo, callbackObj);
195 IAM_LOGI("end");
196 }
197
FuzzAuthenticate(Parcel & parcel)198 void FuzzAuthenticate(Parcel &parcel)
199 {
200 IAM_LOGI("begin");
201 uint64_t scheduleId = parcel.ReadUint64();
202 uint64_t templateId = parcel.ReadUint64();
203 std::vector<uint8_t> extraInfo;
204 FillFuzzUint8Vector(parcel, extraInfo);
205 sptr<IExecutorCallback> callbackObj;
206 FillFuzzIExecutorCallback(parcel, callbackObj);
207 g_executorImpl.Authenticate(scheduleId, templateId, extraInfo, callbackObj);
208 IAM_LOGI("end");
209 }
210
FuzzAuthenticateV1_1(Parcel & parcel)211 void FuzzAuthenticateV1_1(Parcel &parcel)
212 {
213 IAM_LOGI("begin");
214 uint64_t scheduleId = parcel.ReadUint64();
215 uint64_t templateId = parcel.ReadUint64();
216 std::vector<uint8_t> extraInfo;
217 FillFuzzUint8Vector(parcel, extraInfo);
218 sptr<IExecutorCallback> callbackObj;
219 FillFuzzIExecutorCallback(parcel, callbackObj);
220 g_executorImpl.AuthenticateV1_1(scheduleId, templateId, extraInfo, callbackObj);
221 IAM_LOGI("end");
222 }
223
FuzzDelete(Parcel & parcel)224 void FuzzDelete(Parcel &parcel)
225 {
226 IAM_LOGI("begin");
227 uint64_t templateId = parcel.ReadUint64();
228 g_executorImpl.Delete(templateId);
229 IAM_LOGI("end");
230 }
231
FuzzCancel(Parcel & parcel)232 void FuzzCancel(Parcel &parcel)
233 {
234 IAM_LOGI("begin");
235 uint64_t scheduleId = parcel.ReadUint64();
236 g_executorImpl.Cancel(scheduleId);
237 IAM_LOGI("end");
238 }
239
FuzzSendCommand(Parcel & parcel)240 void FuzzSendCommand(Parcel &parcel)
241 {
242 IAM_LOGI("begin");
243 int32_t commandId = parcel.ReadInt32();
244 std::vector<uint8_t> extraInfo;
245 FillFuzzUint8Vector(parcel, extraInfo);
246 sptr<IExecutorCallback> callbackObj;
247 FillFuzzIExecutorCallback(parcel, callbackObj);
248 g_executorImpl.SendCommand(commandId, extraInfo, callbackObj);
249 IAM_LOGI("end");
250 }
251
252
FuzzGetProperty(Parcel & parcel)253 void FuzzGetProperty(Parcel &parcel)
254 {
255 IAM_LOGI("begin");
256 std::vector<uint64_t> templateIdList;
257 FillFuzzUint64Vector(parcel, templateIdList);
258 std::vector<GetPropertyType> propertyTypes;
259 FillFuzzGetPropertyTypeVector(parcel, propertyTypes);
260 Property property;
261 FillFuzzProperty(parcel, property);
262
263 g_executorImpl.GetProperty(templateIdList, propertyTypes, property);
264 IAM_LOGI("end");
265 }
266
267 using FuzzFunc = decltype(FuzzGetExecutorInfo);
268 FuzzFunc *g_fuzzFuncs[] = {
269 FuzzGetExecutorInfo,
270 FuzzGetTemplateInfo,
271 FuzzOnRegisterFinish,
272 FuzzOnSetData,
273 FuzzEnroll,
274 FuzzEnrollV1_1,
275 FuzzAuthenticate,
276 FuzzAuthenticateV1_1,
277 FuzzDelete,
278 FuzzCancel,
279 FuzzSendCommand,
280 FuzzGetProperty,
281 };
282
PinAuthHdiFuzzTest(const uint8_t * data,size_t size)283 void PinAuthHdiFuzzTest(const uint8_t *data, size_t size)
284 {
285 Parcel parcel;
286 parcel.WriteBuffer(data, size);
287 parcel.RewindRead(0);
288 uint32_t index = parcel.ReadUint32() % (sizeof(g_fuzzFuncs) / sizeof(FuzzFunc *));
289 auto fuzzFunc = g_fuzzFuncs[index];
290 fuzzFunc(parcel);
291 return;
292 }
293 } // namespace
294 } // namespace PinAuth
295 } // namespace HDI
296 } // namespace OHOS
297
298 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)299 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
300 {
301 OHOS::HDI::PinAuth::PinAuthHdiFuzzTest(data, size);
302 return 0;
303 }
304