1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "user_idm_client_fuzzer.h"
17
18 #include "parcel.h"
19
20 #include "user_idm_client.h"
21 #include "user_idm_callback_service.h"
22 #include "iam_fuzz_test.h"
23 #include "iam_logger.h"
24 #include "iam_ptr.h"
25
26 #define LOG_TAG "USER_AUTH_SDK"
27
28 namespace OHOS {
29 namespace UserIam {
30 namespace UserAuth {
31 namespace {
32 class DummyUserIdmClientCallback final : public UserIdmClientCallback {
33 public:
OnAcquireInfo(int32_t module,uint32_t acquireInfo,const Attributes & extraInfo)34 void OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo)
35 {
36 IAM_LOGI("start");
37 static_cast<void>(module);
38 static_cast<void>(acquireInfo);
39 static_cast<void>(extraInfo);
40 }
41
OnResult(int32_t result,const Attributes & extraInfo)42 void OnResult(int32_t result, const Attributes &extraInfo)
43 {
44 IAM_LOGI("start");
45 static_cast<void>(result);
46 static_cast<void>(extraInfo);
47 }
48 };
49
50 class DummyGetCredentialInfoCallback final : public GetCredentialInfoCallback {
51 public:
OnCredentialInfo(const std::vector<CredentialInfo> & infoList)52 void OnCredentialInfo(const std::vector<CredentialInfo> &infoList)
53 {
54 IAM_LOGI("start");
55 static_cast<void>(infoList);
56 }
57 };
58
59 class DummyGetSecUserInfoCallback final : public GetSecUserInfoCallback {
60 public:
OnSecUserInfo(const SecUserInfo & info)61 void OnSecUserInfo(const SecUserInfo &info)
62 {
63 IAM_LOGI("start");
64 static_cast<void>(info);
65 }
66 };
67
FuzzClientOpenSession(Parcel & parcel)68 void FuzzClientOpenSession(Parcel &parcel)
69 {
70 IAM_LOGI("start");
71 int32_t userId = parcel.ReadInt32();
72 UserIdmClient::GetInstance().OpenSession(userId);
73 IAM_LOGI("end");
74 }
75
FuzzClientCloseSession(Parcel & parcel)76 void FuzzClientCloseSession(Parcel &parcel)
77 {
78 IAM_LOGI("start");
79 int32_t userId = parcel.ReadInt32();
80 UserIdmClient::GetInstance().CloseSession(userId);
81 IAM_LOGI("end");
82 }
83
FuzzClientAddCredential(Parcel & parcel)84 void FuzzClientAddCredential(Parcel &parcel)
85 {
86 IAM_LOGI("start");
87 int32_t userId = parcel.ReadInt32();
88 CredentialParameters para = {};
89 para.authType = static_cast<AuthType>(parcel.ReadInt32());
90 Common::FillFuzzUint8Vector(parcel, para.token);
91 auto callback = Common::MakeShared<DummyUserIdmClientCallback>();
92 UserIdmClient::GetInstance().AddCredential(userId, para, callback);
93 UserIdmClient::GetInstance().AddCredential(userId, para, nullptr);
94 IAM_LOGI("end");
95 }
96
FuzzClientUpdateCredential(Parcel & parcel)97 void FuzzClientUpdateCredential(Parcel &parcel)
98 {
99 IAM_LOGI("start");
100 int32_t userId = parcel.ReadInt32();
101 CredentialParameters para = {};
102 para.authType = static_cast<AuthType>(parcel.ReadInt32());
103 Common::FillFuzzUint8Vector(parcel, para.token);
104 auto callback = Common::MakeShared<DummyUserIdmClientCallback>();
105 UserIdmClient::GetInstance().UpdateCredential(userId, para, callback);
106 UserIdmClient::GetInstance().UpdateCredential(userId, para, nullptr);
107 IAM_LOGI("end");
108 }
109
FuzzClientCancel(Parcel & parcel)110 void FuzzClientCancel(Parcel &parcel)
111 {
112 IAM_LOGI("start");
113 int32_t userId = parcel.ReadInt32();
114 UserIdmClient::GetInstance().Cancel(userId);
115 IAM_LOGI("end");
116 }
117
FuzzClientDeleteCredential(Parcel & parcel)118 void FuzzClientDeleteCredential(Parcel &parcel)
119 {
120 IAM_LOGI("start");
121 int32_t userId = parcel.ReadInt32();
122 uint64_t credentialId = parcel.ReadUint64();
123 std::vector<uint8_t> authToken;
124 Common::FillFuzzUint8Vector(parcel, authToken);
125 auto callback = Common::MakeShared<DummyUserIdmClientCallback>();
126 UserIdmClient::GetInstance().DeleteCredential(userId, credentialId, authToken, callback);
127 UserIdmClient::GetInstance().DeleteCredential(userId, credentialId, authToken, nullptr);
128 IAM_LOGI("end");
129 }
130
FuzzClientDeleteUser(Parcel & parcel)131 void FuzzClientDeleteUser(Parcel &parcel)
132 {
133 IAM_LOGI("start");
134 int32_t userId = parcel.ReadInt32();
135 std::vector<uint8_t> authToken;
136 Common::FillFuzzUint8Vector(parcel, authToken);
137 auto callback = Common::MakeShared<DummyUserIdmClientCallback>();
138 UserIdmClient::GetInstance().DeleteUser(userId, authToken, callback);
139 UserIdmClient::GetInstance().DeleteUser(userId, authToken, nullptr);
140 IAM_LOGI("end");
141 }
142
FuzzClientEraseUser(Parcel & parcel)143 void FuzzClientEraseUser(Parcel &parcel)
144 {
145 IAM_LOGI("start");
146 int32_t userId = parcel.ReadInt32();
147 auto callback = Common::MakeShared<DummyUserIdmClientCallback>();
148 UserIdmClient::GetInstance().EraseUser(userId, callback);
149 UserIdmClient::GetInstance().EraseUser(userId, nullptr);
150 IAM_LOGI("end");
151 }
152
FuzzClientGetCredentialInfo(Parcel & parcel)153 void FuzzClientGetCredentialInfo(Parcel &parcel)
154 {
155 IAM_LOGI("start");
156 int32_t userId = parcel.ReadInt32();
157 auto authType = static_cast<AuthType>(parcel.ReadInt32());
158 auto callback = Common::MakeShared<DummyGetCredentialInfoCallback>();
159 UserIdmClient::GetInstance().GetCredentialInfo(userId, authType, callback);
160 UserIdmClient::GetInstance().GetCredentialInfo(userId, authType, nullptr);
161 IAM_LOGI("end");
162 }
163
FuzzClientGetSecUserInfo(Parcel & parcel)164 void FuzzClientGetSecUserInfo(Parcel &parcel)
165 {
166 IAM_LOGI("start");
167 int32_t userId = parcel.ReadInt32();
168 auto callback = Common::MakeShared<DummyGetSecUserInfoCallback>();
169 UserIdmClient::GetInstance().GetSecUserInfo(userId, callback);
170 UserIdmClient::GetInstance().GetSecUserInfo(userId, nullptr);
171 IAM_LOGI("end");
172 }
173
FuzzClientClearRedundancyCredential(Parcel & parcel)174 void FuzzClientClearRedundancyCredential(Parcel &parcel)
175 {
176 IAM_LOGI("start");
177 auto callback = Common::MakeShared<DummyUserIdmClientCallback>();
178 UserIdmClient::GetInstance().ClearRedundancyCredential(callback);
179 UserIdmClient::GetInstance().ClearRedundancyCredential(nullptr);
180 IAM_LOGI("end");
181 }
182
183 auto g_IdmCallbackService =
184 Common::MakeShared<IdmCallbackService>(Common::MakeShared<DummyUserIdmClientCallback>());
185
186 auto g_IdmGetCredInfoCallbackService =
187 Common::MakeShared<IdmGetCredInfoCallbackService>(Common::MakeShared<DummyGetCredentialInfoCallback>());
188
189 auto g_IdmGetSecureUserInfoCallbackService =
190 Common::MakeShared<IdmGetSecureUserInfoCallbackService>(Common::MakeShared<DummyGetSecUserInfoCallback>());
191
FuzzIdmCallbackServiceOnResult(Parcel & parcel)192 void FuzzIdmCallbackServiceOnResult(Parcel &parcel)
193 {
194 IAM_LOGI("start");
195 int32_t result = parcel.ReadInt32();
196 std::vector<uint8_t> attr;
197 Common::FillFuzzUint8Vector(parcel, attr);
198 Attributes extraInfo(attr);
199 if (g_IdmCallbackService != nullptr) {
200 g_IdmCallbackService->OnResult(result, extraInfo);
201 }
202 IAM_LOGI("end");
203 }
204
FuzzIdmCallbackServiceOnAcquireInfo(Parcel & parcel)205 void FuzzIdmCallbackServiceOnAcquireInfo(Parcel &parcel)
206 {
207 IAM_LOGI("start");
208 int32_t module = parcel.ReadInt32();
209 int32_t acquireInfo = parcel.ReadInt32();
210 std::vector<uint8_t> attr;
211 Common::FillFuzzUint8Vector(parcel, attr);
212 Attributes extraInfo(attr);
213 if (g_IdmCallbackService != nullptr) {
214 g_IdmCallbackService->OnAcquireInfo(module, acquireInfo, extraInfo);
215 }
216 IAM_LOGI("end");
217 }
218
FuzzCallbackServiceOnCredentialInfos(Parcel & parcel)219 void FuzzCallbackServiceOnCredentialInfos(Parcel &parcel)
220 {
221 IAM_LOGI("start");
222 CredentialInfo info = {};
223 info.authType = static_cast<AuthType>(parcel.ReadInt32());
224 info.credentialId = parcel.ReadUint64();
225 info.templateId = parcel.ReadUint64();
226 info.pinType = static_cast<PinSubType>(parcel.ReadInt32());
227 std::vector<CredentialInfo> credInfoList = {info};
228
229 if (g_IdmGetCredInfoCallbackService != nullptr) {
230 g_IdmGetCredInfoCallbackService->OnCredentialInfos(credInfoList);
231 }
232 IAM_LOGI("end");
233 }
234
FuzzCallbackServiceOnSecureUserInfo(Parcel & parcel)235 void FuzzCallbackServiceOnSecureUserInfo(Parcel &parcel)
236 {
237 IAM_LOGI("start");
238 SecUserInfo secUserInfo = {};
239 secUserInfo.secureUid = parcel.ReadUint64();
240 EnrolledInfo info = {};
241 info.authType = static_cast<AuthType>(parcel.ReadInt32());
242 info.enrolledId = parcel.ReadUint64();
243 secUserInfo.enrolledInfo = {info};
244
245 if (g_IdmGetSecureUserInfoCallbackService != nullptr) {
246 g_IdmGetSecureUserInfoCallbackService->OnSecureUserInfo(secUserInfo);
247 }
248 IAM_LOGI("end");
249 }
250
251 using FuzzFunc = decltype(FuzzClientOpenSession);
252 FuzzFunc *g_fuzzFuncs[] = {
253 FuzzClientOpenSession,
254 FuzzClientCloseSession,
255 FuzzClientAddCredential,
256 FuzzClientUpdateCredential,
257 FuzzClientCancel,
258 FuzzClientDeleteCredential,
259 FuzzClientDeleteUser,
260 FuzzClientEraseUser,
261 FuzzClientGetCredentialInfo,
262 FuzzClientGetSecUserInfo,
263 FuzzIdmCallbackServiceOnResult,
264 FuzzIdmCallbackServiceOnAcquireInfo,
265 FuzzCallbackServiceOnCredentialInfos,
266 FuzzCallbackServiceOnSecureUserInfo,
267 FuzzClientClearRedundancyCredential,
268 };
269
UserIdmClientFuzzTest(const uint8_t * data,size_t size)270 void UserIdmClientFuzzTest(const uint8_t *data, size_t size)
271 {
272 Parcel parcel;
273 parcel.WriteBuffer(data, size);
274 parcel.RewindRead(0);
275 uint32_t index = parcel.ReadUint32() % (sizeof(g_fuzzFuncs) / sizeof(FuzzFunc *));
276 auto fuzzFunc = g_fuzzFuncs[index];
277 fuzzFunc(parcel);
278 return;
279 }
280 } // namespace
281 } // namespace UserAuth
282 } // namespace UserIam
283 } // namespace OHOS
284
285 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)286 extern "C" int32_t LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
287 {
288 OHOS::UserIam::UserAuth::UserIdmClientFuzzTest(data, size);
289 return 0;
290 }
291