1 /*
2 * Copyright (c) 2022-2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "user_auth_service_fuzzer.h"
17
18 #include <cinttypes>
19 #include <cstddef>
20 #include <cstdint>
21
22 #include "parcel.h"
23
24 #include "iam_fuzz_test.h"
25 #include "iam_logger.h"
26 #include "user_auth_service.h"
27 #include "user_auth_common_defines.h"
28
29 #undef private
30
31 #ifdef LOG_LABEL
32 #undef LOG_LABEL
33 #endif
34 #define LOG_LABEL UserIam::Common::LABEL_USER_AUTH_SA
35
36 using namespace std;
37 using namespace OHOS::UserIam::Common;
38 using namespace OHOS::UserIam::UserAuth;
39
40 namespace OHOS {
41 namespace UserIam {
42 namespace UserAuth {
43 namespace {
44 class DummyUserAuthCallback : public UserAuthCallbackInterface {
45 public:
46 ~DummyUserAuthCallback() override = default;
47
OnAcquireInfo(int32_t module,int32_t acquireInfo,const Attributes & extraInfo)48 void OnAcquireInfo(int32_t module, int32_t acquireInfo, const Attributes &extraInfo) override
49 {
50 IAM_LOGI("start");
51 static_cast<void>(module);
52 static_cast<void>(acquireInfo);
53 static_cast<void>(extraInfo);
54 return;
55 }
56
OnResult(int32_t result,const Attributes & extraInfo)57 void OnResult(int32_t result, const Attributes &extraInfo) override
58 {
59 IAM_LOGI("start");
60 static_cast<void>(result);
61 static_cast<void>(extraInfo);
62 return;
63 }
64
AsObject()65 sptr<IRemoteObject> AsObject() override
66 {
67 sptr<IRemoteObject> tmp(nullptr);
68 return tmp;
69 }
70 };
71
72 class DummyGetExecutorPropertyCallback : public GetExecutorPropertyCallbackInterface {
73 public:
74 ~DummyGetExecutorPropertyCallback() override = default;
75
OnGetExecutorPropertyResult(int32_t result,const Attributes & attributes)76 void OnGetExecutorPropertyResult(int32_t result, const Attributes &attributes) override
77 {
78 IAM_LOGI("start");
79 return;
80 }
81
AsObject()82 sptr<IRemoteObject> AsObject() override
83 {
84 sptr<IRemoteObject> tmp(nullptr);
85 return tmp;
86 }
87 };
88
89 class DummySetExecutorPropertyCallback : public SetExecutorPropertyCallbackInterface {
90 public:
91 ~DummySetExecutorPropertyCallback() override = default;
92
OnSetExecutorPropertyResult(int32_t result)93 void OnSetExecutorPropertyResult(int32_t result) override
94 {
95 IAM_LOGI("start");
96 return;
97 }
98
AsObject()99 sptr<IRemoteObject> AsObject() override
100 {
101 sptr<IRemoteObject> tmp(nullptr);
102 return tmp;
103 }
104 };
105
106 class DummyWidgetCallback : public WidgetCallbackInterface {
107 public:
SendCommand(const std::string & cmdData)108 void SendCommand(const std::string &cmdData) override
109 {
110 IAM_LOGI("start");
111 }
112
AsObject()113 sptr<IRemoteObject> AsObject() override
114 {
115 sptr<IRemoteObject> tmp(nullptr);
116 return tmp;
117 }
118 };
119
120 UserAuthService g_userAuthService(SUBSYS_USERIAM_SYS_ABILITY_USERAUTH, true);
121
FuzzGetAvailableStatus(Parcel & parcel)122 void FuzzGetAvailableStatus(Parcel &parcel)
123 {
124 IAM_LOGI("begin");
125 int32_t apiVersion = parcel.ReadInt32();
126 AuthType authType = static_cast<AuthType>(parcel.ReadInt32());
127 AuthTrustLevel authTrustLevel = static_cast<AuthTrustLevel>(parcel.ReadInt32());
128 g_userAuthService.GetAvailableStatus(apiVersion, authType, authTrustLevel);
129 IAM_LOGI("end");
130 }
131
FuzzGetProperty(Parcel & parcel)132 void FuzzGetProperty(Parcel &parcel)
133 {
134 IAM_LOGI("begin");
135 constexpr uint32_t maxDataLen = 50;
136 int32_t userId = parcel.ReadInt32();
137 AuthType authType = static_cast<AuthType>(parcel.ReadInt32());
138 std::vector<Attributes::AttributeKey> keys;
139 uint32_t keysLen = parcel.ReadUint32() % maxDataLen;
140 keys.reserve(keysLen);
141 for (uint32_t i = 0; i < keysLen; i++) {
142 keys.emplace_back(static_cast<Attributes::AttributeKey>(parcel.ReadInt32()));
143 }
144
145 sptr<GetExecutorPropertyCallbackInterface> callback(nullptr);
146 if (parcel.ReadBool()) {
147 callback = sptr<GetExecutorPropertyCallbackInterface>(new (std::nothrow) DummyGetExecutorPropertyCallback());
148 }
149 g_userAuthService.GetProperty(userId, authType, keys, callback);
150 IAM_LOGI("end");
151 }
152
FuzzSetProperty(Parcel & parcel)153 void FuzzSetProperty(Parcel &parcel)
154 {
155 IAM_LOGI("begin");
156 int32_t userId = parcel.ReadInt32();
157 AuthType authType = static_cast<AuthType>(parcel.ReadInt32());
158 vector<uint8_t> attributesRaw;
159 FillFuzzUint8Vector(parcel, attributesRaw);
160 Attributes attributes(attributesRaw);
161 sptr<SetExecutorPropertyCallbackInterface> callback(nullptr);
162 if (parcel.ReadBool()) {
163 callback = sptr<SetExecutorPropertyCallbackInterface>(new (nothrow) DummySetExecutorPropertyCallback());
164 }
165
166 g_userAuthService.SetProperty(userId, authType, attributes, callback);
167 IAM_LOGI("end");
168 }
169
FuzzAuth(Parcel & parcel)170 void FuzzAuth(Parcel &parcel)
171 {
172 IAM_LOGI("begin");
173 int32_t apiVersion = parcel.ReadInt32();
174 std::vector<uint8_t> challenge;
175 FillFuzzUint8Vector(parcel, challenge);
176 AuthType authType = static_cast<AuthType>(parcel.ReadInt32());
177 AuthTrustLevel authTrustLevel = static_cast<AuthTrustLevel>(parcel.ReadInt32());
178 sptr<UserAuthCallbackInterface> callback(nullptr);
179 if (parcel.ReadBool()) {
180 callback = sptr<UserAuthCallbackInterface>(new (std::nothrow) DummyUserAuthCallback());
181 }
182 g_userAuthService.Auth(apiVersion, challenge, authType, authTrustLevel, callback);
183 IAM_LOGI("end");
184 }
185
FuzzAuthUser(Parcel & parcel)186 void FuzzAuthUser(Parcel &parcel)
187 {
188 IAM_LOGI("begin");
189 int32_t userId = parcel.ReadInt32();
190 std::vector<uint8_t> challenge;
191 FillFuzzUint8Vector(parcel, challenge);
192 AuthType authType = static_cast<AuthType>(parcel.ReadInt32());
193 AuthTrustLevel authTrustLevel = static_cast<AuthTrustLevel>(parcel.ReadInt32());
194 sptr<UserAuthCallbackInterface> callback(nullptr);
195 if (parcel.ReadBool()) {
196 callback = sptr<UserAuthCallbackInterface>(new (nothrow) DummyUserAuthCallback());
197 }
198 g_userAuthService.AuthUser(userId, challenge, authType, authTrustLevel, callback);
199 IAM_LOGI("end");
200 }
201
FuzzIdentify(Parcel & parcel)202 void FuzzIdentify(Parcel &parcel)
203 {
204 IAM_LOGI("begin");
205 std::vector<uint8_t> challenge;
206 FillFuzzUint8Vector(parcel, challenge);
207 AuthType authType = static_cast<AuthType>(parcel.ReadInt32());
208 sptr<UserAuthCallbackInterface> callback(nullptr);
209 if (parcel.ReadBool()) {
210 callback = sptr<UserAuthCallbackInterface>(new (nothrow) DummyUserAuthCallback());
211 }
212 g_userAuthService.Identify(challenge, authType, callback);
213 IAM_LOGI("end");
214 }
215
FuzzCancelAuthOrIdentify(Parcel & parcel)216 void FuzzCancelAuthOrIdentify(Parcel &parcel)
217 {
218 IAM_LOGI("begin");
219 uint64_t contextId = parcel.ReadUint64();
220 g_userAuthService.CancelAuthOrIdentify(contextId);
221 IAM_LOGI("end");
222 }
223
FuzzGetVersion(Parcel & parcel)224 void FuzzGetVersion(Parcel &parcel)
225 {
226 IAM_LOGI("begin");
227 int32_t version = -1;
228 g_userAuthService.GetVersion(version);
229 IAM_LOGI("end");
230 }
231
FuzzAuthWidget(Parcel & parcel)232 void FuzzAuthWidget(Parcel &parcel)
233 {
234 IAM_LOGI("begin");
235 int32_t apiVersion = parcel.ReadInt32();
236 AuthParam authParam;
237 WidgetParam widgetParam;
238 FillFuzzUint8Vector(parcel, authParam.challenge);
239 std::vector<int32_t> atList;
240 parcel.ReadInt32Vector(&atList);
241 for (auto at : atList) {
242 authParam.authType.push_back(static_cast<AuthType>(at));
243 }
244 authParam.authTrustLevel = static_cast<AuthTrustLevel>(parcel.ReadInt32());
245 sptr<UserAuthCallbackInterface> callback(nullptr);
246 widgetParam.title = parcel.ReadString();
247 widgetParam.navigationButtonText = parcel.ReadString();
248 widgetParam.windowMode = static_cast<WindowModeType>(parcel.ReadInt32());
249 if (parcel.ReadBool()) {
250 callback = sptr<UserAuthCallbackInterface>(new (std::nothrow) DummyUserAuthCallback());
251 }
252 g_userAuthService.AuthWidget(apiVersion, authParam, widgetParam, callback);
253 IAM_LOGI("end");
254 }
255
FuzzNotice(Parcel & parcel)256 void FuzzNotice(Parcel &parcel)
257 {
258 IAM_LOGI("begin");
259 NoticeType noticeType = static_cast<NoticeType>(parcel.ReadInt32());
260 std::string eventData = parcel.ReadString();
261 g_userAuthService.Notice(noticeType, eventData);
262 IAM_LOGI("end");
263 }
264
FuzzRegisterWidgetCallback(Parcel & parcel)265 void FuzzRegisterWidgetCallback(Parcel &parcel)
266 {
267 IAM_LOGI("begin");
268 int32_t version = parcel.ReadInt32();
269 sptr<WidgetCallbackInterface> callback(nullptr);
270 if (parcel.ReadBool()) {
271 callback = sptr<WidgetCallbackInterface>(new (std::nothrow) DummyWidgetCallback());
272 }
273 g_userAuthService.RegisterWidgetCallback(version, callback);
274 IAM_LOGI("end");
275 }
276
277 using FuzzFunc = decltype(FuzzGetAvailableStatus);
278 FuzzFunc *g_fuzzFuncs[] = {
279 FuzzGetAvailableStatus,
280 FuzzGetProperty,
281 FuzzSetProperty,
282 FuzzAuth,
283 FuzzAuthUser,
284 FuzzIdentify,
285 FuzzCancelAuthOrIdentify,
286 FuzzGetVersion,
287 FuzzAuthWidget,
288 FuzzNotice,
289 FuzzRegisterWidgetCallback,
290 };
291
UserAuthFuzzTest(const uint8_t * data,size_t size)292 void UserAuthFuzzTest(const uint8_t *data, size_t size)
293 {
294 Parcel parcel;
295 parcel.WriteBuffer(data, size);
296 parcel.RewindRead(0);
297 uint32_t index = parcel.ReadUint32() % (sizeof(g_fuzzFuncs)) / sizeof(FuzzFunc *);
298 auto fuzzFunc = g_fuzzFuncs[index];
299 fuzzFunc(parcel);
300 return;
301 }
302 } // namespace
303 } // namespace UserAuth
304 } // namespace UserIam
305 } // namespace OHOS
306
307 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)308 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
309 {
310 OHOS::UserIam::UserAuth::UserAuthFuzzTest(data, size);
311 return 0;
312 }
313