1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "pin_auth_hdi_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20 #include <cinttypes>
21
22 #include "parcel.h"
23
24 #include "iam_logger.h"
25 #include "iam_fuzz_test.h"
26 #include "all_in_one_impl.h"
27
28 #undef LOG_TAG
29 #define LOG_TAG "PIN_AUTH_HDI"
30
31 #undef private
32
33 using namespace std;
34 using namespace OHOS::UserIam::Common;
35
36 namespace OHOS {
37 namespace HDI {
38 namespace PinAuth {
39 namespace {
40 class DummyIExecutorCallback : public HdiIExecutorCallback {
41 public:
DummyIExecutorCallback(int32_t onResultResult,int32_t onGetDataResult,int32_t onTipResult,int32_t onMessageResult)42 DummyIExecutorCallback(int32_t onResultResult, int32_t onGetDataResult, int32_t onTipResult,
43 int32_t onMessageResult)
44 : onResultResult_(onResultResult), onGetDataResult_(onGetDataResult), onTipResult_(onTipResult),
45 onMessageResult_(onMessageResult)
46 {
47 }
48
OnResult(int32_t result,const std::vector<uint8_t> & extraInfo)49 int32_t OnResult(int32_t result, const std::vector<uint8_t> &extraInfo) override
50 {
51 return onResultResult_;
52 }
53
OnGetData(const std::vector<uint8_t> & algoParameter,uint64_t authSubType,uint32_t algoVersion,const std::vector<uint8_t> & challenge,const std::string & pinComplexityReg)54 int32_t OnGetData(const std::vector<uint8_t>& algoParameter, uint64_t authSubType, uint32_t algoVersion,
55 const std::vector<uint8_t>& challenge, const std::string &pinComplexityReg) override
56 {
57 return onGetDataResult_;
58 }
59
OnTip(int32_t tip,const std::vector<uint8_t> & extraInfo)60 int32_t OnTip(int32_t tip, const std::vector<uint8_t>& extraInfo) override
61 {
62 return onTipResult_;
63 }
64
OnMessage(int32_t destRole,const std::vector<uint8_t> & msg)65 int32_t OnMessage(int32_t destRole, const std::vector<uint8_t>& msg) override
66 {
67 return onMessageResult_;
68 }
69
70 private:
71 int32_t onResultResult_;
72 int32_t onGetDataResult_;
73 int32_t onTipResult_;
74 int32_t onMessageResult_;
75 };
76
77 AllInOneImpl g_executorImpl(make_shared<OHOS::UserIam::PinAuth::PinAuth>());
78
FillFuzzExecutorInfo(Parcel & parcel,HdiExecutorInfo & executorInfo)79 void FillFuzzExecutorInfo(Parcel &parcel, HdiExecutorInfo &executorInfo)
80 {
81 executorInfo.sensorId = parcel.ReadUint16();
82 executorInfo.executorMatcher = parcel.ReadUint32();
83 executorInfo.executorRole = static_cast<HdiExecutorRole>(parcel.ReadInt32());
84 executorInfo.authType = static_cast<HdiAuthType>(parcel.ReadInt32());
85 executorInfo.esl = static_cast<HdiExecutorSecureLevel>(parcel.ReadInt32());
86 FillFuzzUint8Vector(parcel, executorInfo.publicKey);
87 FillFuzzUint8Vector(parcel, executorInfo.extraInfo);
88 IAM_LOGI("success");
89 }
90
FillFuzzIExecutorCallback(Parcel & parcel,sptr<HdiIExecutorCallback> & callbackObj)91 void FillFuzzIExecutorCallback(Parcel &parcel, sptr<HdiIExecutorCallback> &callbackObj)
92 {
93 bool isNull = parcel.ReadBool();
94 if (isNull) {
95 callbackObj = nullptr;
96 } else {
97 callbackObj = new (std::nothrow) DummyIExecutorCallback(parcel.ReadInt32(),
98 parcel.ReadInt32(), parcel.ReadInt32(), parcel.ReadInt32());
99 if (callbackObj == nullptr) {
100 IAM_LOGE("callbackObj construct fail");
101 }
102 }
103 IAM_LOGI("success");
104 }
105
FillFuzzProperty(Parcel & parcel,HdiProperty & property)106 void FillFuzzProperty(Parcel &parcel, HdiProperty &property)
107 {
108 property.authSubType = parcel.ReadUint64();
109 property.lockoutDuration = parcel.ReadInt32();
110 property.remainAttempts = parcel.ReadInt32();
111
112 IAM_LOGI("success");
113 }
114
FuzzGetExecutorInfo(Parcel & parcel)115 void FuzzGetExecutorInfo(Parcel &parcel)
116 {
117 IAM_LOGI("begin");
118 HdiExecutorInfo executorInfo;
119 FillFuzzExecutorInfo(parcel, executorInfo);
120 g_executorImpl.GetExecutorInfo(executorInfo);
121 IAM_LOGI("end");
122 }
123
FuzzOnRegisterFinish(Parcel & parcel)124 void FuzzOnRegisterFinish(Parcel &parcel)
125 {
126 IAM_LOGI("begin");
127 std::vector<uint64_t> templateIdList;
128 FillFuzzUint64Vector(parcel, templateIdList);
129 std::vector<uint8_t> frameworkPublicKey;
130 FillFuzzUint8Vector(parcel, frameworkPublicKey);
131 std::vector<uint8_t> extraInfo;
132 FillFuzzUint8Vector(parcel, extraInfo);
133 g_executorImpl.OnRegisterFinish(templateIdList, frameworkPublicKey, extraInfo);
134 IAM_LOGI("end");
135 }
136
FuzzSetData(Parcel & parcel)137 void FuzzSetData(Parcel &parcel)
138 {
139 IAM_LOGI("begin");
140 uint64_t scheduleId = parcel.ReadUint64();
141 uint64_t authSubType = parcel.ReadUint64();
142 std::vector<uint8_t> data;
143 FillFuzzUint8Vector(parcel, data);
144 int32_t resultCode = parcel.ReadInt32();
145 g_executorImpl.SetData(scheduleId, authSubType, data, resultCode);
146 IAM_LOGI("end");
147 }
148
FuzzEnroll(Parcel & parcel)149 void FuzzEnroll(Parcel &parcel)
150 {
151 IAM_LOGI("begin");
152 uint64_t scheduleId = parcel.ReadUint64();
153 std::vector<uint8_t> extraInfo;
154 FillFuzzUint8Vector(parcel, extraInfo);
155 sptr<HdiIExecutorCallback> callbackObj;
156 FillFuzzIExecutorCallback(parcel, callbackObj);
157 g_executorImpl.Enroll(scheduleId, extraInfo, callbackObj);
158 IAM_LOGI("end");
159 }
160
FuzzAuthenticate(Parcel & parcel)161 void FuzzAuthenticate(Parcel &parcel)
162 {
163 IAM_LOGI("begin");
164 uint64_t scheduleId = parcel.ReadUint64();
165 std::vector<uint64_t> templateIdList;
166 FillFuzzUint64Vector(parcel, templateIdList);
167 std::vector<uint8_t> extraInfo;
168 FillFuzzUint8Vector(parcel, extraInfo);
169 sptr<HdiIExecutorCallback> callbackObj;
170 FillFuzzIExecutorCallback(parcel, callbackObj);
171 g_executorImpl.Authenticate(scheduleId, templateIdList, extraInfo, callbackObj);
172 IAM_LOGI("end");
173 }
174
FuzzDelete(Parcel & parcel)175 void FuzzDelete(Parcel &parcel)
176 {
177 IAM_LOGI("begin");
178 uint64_t templateId = parcel.ReadUint64();
179 g_executorImpl.Delete(templateId);
180 IAM_LOGI("end");
181 }
182
FuzzCancel(Parcel & parcel)183 void FuzzCancel(Parcel &parcel)
184 {
185 IAM_LOGI("begin");
186 uint64_t scheduleId = parcel.ReadUint64();
187 g_executorImpl.Cancel(scheduleId);
188 IAM_LOGI("end");
189 }
190
FuzzGetProperty(Parcel & parcel)191 void FuzzGetProperty(Parcel &parcel)
192 {
193 IAM_LOGI("begin");
194 std::vector<uint64_t> templateIdList;
195 FillFuzzUint64Vector(parcel, templateIdList);
196 std::vector<int32_t> propertyTypes;
197 FillFuzzInt32Vector(parcel, propertyTypes);
198 HdiProperty property;
199 FillFuzzProperty(parcel, property);
200 g_executorImpl.GetProperty(templateIdList, propertyTypes, property);
201 IAM_LOGI("end");
202 }
203
FuzzSendMessage(Parcel & parcel)204 void FuzzSendMessage(Parcel &parcel)
205 {
206 IAM_LOGI("begin");
207 uint64_t scheduleId = parcel.ReadUint64();
208 int32_t srcRole = parcel.ReadInt32();
209 std::vector<uint8_t> msg;
210 FillFuzzUint8Vector(parcel, msg);
211 g_executorImpl.SendMessage(scheduleId, srcRole, msg);
212 IAM_LOGI("end");
213 }
214
215 using FuzzFunc = decltype(FuzzGetExecutorInfo);
216 FuzzFunc *g_fuzzFuncs[] = {
217 FuzzGetExecutorInfo,
218 FuzzOnRegisterFinish,
219 FuzzSetData,
220 FuzzEnroll,
221 FuzzAuthenticate,
222 FuzzDelete,
223 FuzzCancel,
224 FuzzSendMessage,
225 FuzzGetProperty,
226 };
227
PinAuthHdiFuzzTest(const uint8_t * data,size_t size)228 void PinAuthHdiFuzzTest(const uint8_t *data, size_t size)
229 {
230 Parcel parcel;
231 parcel.WriteBuffer(data, size);
232 parcel.RewindRead(0);
233 uint32_t index = parcel.ReadUint32() % (sizeof(g_fuzzFuncs) / sizeof(FuzzFunc *));
234 auto fuzzFunc = g_fuzzFuncs[index];
235 fuzzFunc(parcel);
236 return;
237 }
238 } // namespace
239 } // namespace PinAuth
240 } // namespace HDI
241 } // namespace OHOS
242
243 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)244 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
245 {
246 OHOS::HDI::PinAuth::PinAuthHdiFuzzTest(data, size);
247 return 0;
248 }
249