1 /*
2  * Copyright (c) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "co_auth_client_fuzzer.h"
17 
18 #include "parcel.h"
19 
20 #include "co_auth_client.h"
21 #include "executor_callback_service.h"
22 #include "executor_messenger_client.h"
23 #include "iam_fuzz_test.h"
24 #include "iam_logger.h"
25 #include "iam_ptr.h"
26 
27 #define LOG_TAG "USER_AUTH_SDK"
28 
29 namespace OHOS {
30 namespace UserIam {
31 namespace UserAuth {
32 namespace {
33 class DummyExecutorRegisterCallback final : public ExecutorRegisterCallback {
34 public:
OnMessengerReady(const std::shared_ptr<ExecutorMessenger> & messenger,const std::vector<uint8_t> & publicKey,const std::vector<uint64_t> & templateIds)35     void OnMessengerReady(const std::shared_ptr<ExecutorMessenger> &messenger,
36         const std::vector<uint8_t> &publicKey, const std::vector<uint64_t> &templateIds)
37     {
38         IAM_LOGI("start");
39         static_cast<void>(messenger);
40         static_cast<void>(publicKey);
41         static_cast<void>(templateIds);
42     }
43 
OnBeginExecute(uint64_t scheduleId,const std::vector<uint8_t> & publicKey,const Attributes & commandAttrs)44     int32_t OnBeginExecute(uint64_t scheduleId, const std::vector<uint8_t> &publicKey,
45         const Attributes &commandAttrs)
46     {
47         IAM_LOGI("start");
48         static_cast<void>(scheduleId);
49         static_cast<void>(publicKey);
50         static_cast<void>(commandAttrs);
51         return SUCCESS;
52     }
53 
OnEndExecute(uint64_t scheduleId,const Attributes & commandAttrs)54     int32_t OnEndExecute(uint64_t scheduleId, const Attributes &commandAttrs)
55     {
56         IAM_LOGI("start");
57         static_cast<void>(scheduleId);
58         static_cast<void>(commandAttrs);
59         return SUCCESS;
60     }
61 
OnSetProperty(const Attributes & properties)62     int32_t OnSetProperty(const Attributes &properties)
63     {
64         IAM_LOGI("start");
65         static_cast<void>(properties);
66         return SUCCESS;
67     }
68 
OnGetProperty(const Attributes & conditions,Attributes & results)69     int32_t OnGetProperty(const Attributes &conditions, Attributes &results)
70     {
71         IAM_LOGI("start");
72         static_cast<void>(conditions);
73         static_cast<void>(results);
74         return SUCCESS;
75     }
76 
OnSendData(uint64_t scheduleId,const Attributes & data)77     int32_t OnSendData(uint64_t scheduleId, const Attributes &data)
78     {
79         IAM_LOGI("start");
80         static_cast<void>(scheduleId);
81         static_cast<void>(data);
82         return SUCCESS;
83     }
84 };
85 
86 class DummyExecutorMessengerInterface final : public ExecutorMessengerInterface {
87 public:
SendData(uint64_t scheduleId,ExecutorRole dstRole,const std::vector<uint8_t> & msg)88     int32_t SendData(uint64_t scheduleId, ExecutorRole dstRole,
89         const std::vector<uint8_t> &msg) override
90     {
91         IAM_LOGI("start");
92         static_cast<void>(scheduleId);
93         static_cast<void>(dstRole);
94         static_cast<void>(msg);
95         return SUCCESS;
96     }
97 
Finish(uint64_t scheduleId,ResultCode resultCode,const std::shared_ptr<Attributes> & finalResult)98     int32_t Finish(uint64_t scheduleId, ResultCode resultCode, const std::shared_ptr<Attributes> &finalResult) override
99     {
100         IAM_LOGI("start");
101         static_cast<void>(scheduleId);
102         static_cast<void>(resultCode);
103         static_cast<void>(finalResult);
104         return SUCCESS;
105     }
106 
AsObject()107     sptr<IRemoteObject> AsObject() override
108     {
109         sptr<IRemoteObject> tmp(nullptr);
110         return tmp;
111     }
112 };
113 
FillExecutorInfo(Parcel & parcel,ExecutorInfo & info)114 void FillExecutorInfo(Parcel &parcel, ExecutorInfo &info)
115 {
116     info.authType = static_cast<AuthType>(parcel.ReadInt32());
117     info.executorRole = static_cast<ExecutorRole>(parcel.ReadInt32());
118     info.executorMatcher = parcel.ReadUint32();
119     info.executorSensorHint = parcel.ReadUint32();
120     info.esl = static_cast<ExecutorSecureLevel>(parcel.ReadInt32());
121     Common::FillFuzzUint8Vector(parcel, info.publicKey);
122 }
123 
FuzzCoAuthClientRegister(Parcel & parcel)124 void FuzzCoAuthClientRegister(Parcel &parcel)
125 {
126     IAM_LOGI("start");
127     ExecutorInfo info = {};
128     FillExecutorInfo(parcel, info);
129     auto callback = Common::MakeShared<DummyExecutorRegisterCallback>();
130     CoAuthClient::GetInstance().Register(info, callback);
131     IAM_LOGI("end");
132 }
133 
FuzzCoAuthClientUnregister(Parcel & parcel)134 void FuzzCoAuthClientUnregister(Parcel &parcel)
135 {
136     IAM_LOGI("start");
137     ExecutorInfo info = {};
138     uint64_t executorId = parcel.ReadUint64();
139     CoAuthClient::GetInstance().Unregister(executorId);
140     IAM_LOGI("end");
141 }
142 
143 auto g_ExecutorCallbackService =
144     Common::MakeShared<ExecutorCallbackService>(Common::MakeShared<DummyExecutorRegisterCallback>());
145 
146 auto g_ExecutorMessengerClient =
147     Common::MakeShared<ExecutorMessengerClient>(new (std::nothrow) DummyExecutorMessengerInterface());
148 
FuzzExecutorCallbackServiceOnMessengerReady(Parcel & parcel)149 void FuzzExecutorCallbackServiceOnMessengerReady(Parcel &parcel)
150 {
151     IAM_LOGI("start");
152     sptr<ExecutorMessengerInterface> messenger(new (std::nothrow) DummyExecutorMessengerInterface());
153     std::vector<uint8_t> publicKey;
154     Common::FillFuzzUint8Vector(parcel, publicKey);
155     std::vector<uint64_t> templateIdList;
156     Common::FillFuzzUint64Vector(parcel, templateIdList);
157     if (g_ExecutorCallbackService != nullptr) {
158         g_ExecutorCallbackService->OnMessengerReady(messenger, publicKey, templateIdList);
159     }
160     IAM_LOGI("end");
161 }
162 
FuzzExecutorCallbackServiceOnBeginExecute(Parcel & parcel)163 void FuzzExecutorCallbackServiceOnBeginExecute(Parcel &parcel)
164 {
165     IAM_LOGI("start");
166     uint64_t scheduleId = parcel.ReadUint64();
167     std::vector<uint8_t> publicKey;
168     Common::FillFuzzUint8Vector(parcel, publicKey);
169     std::vector<uint8_t> attr;
170     Common::FillFuzzUint8Vector(parcel, attr);
171     Attributes command(attr);
172     if (g_ExecutorCallbackService != nullptr) {
173         g_ExecutorCallbackService->OnBeginExecute(scheduleId, publicKey, command);
174     }
175     IAM_LOGI("end");
176 }
177 
FuzzExecutorCallbackServiceOnEndExecute(Parcel & parcel)178 void FuzzExecutorCallbackServiceOnEndExecute(Parcel &parcel)
179 {
180     IAM_LOGI("start");
181     uint64_t scheduleId = parcel.ReadUint64();
182     std::vector<uint8_t> attr;
183     Common::FillFuzzUint8Vector(parcel, attr);
184     Attributes command(attr);
185     if (g_ExecutorCallbackService != nullptr) {
186         g_ExecutorCallbackService->OnEndExecute(scheduleId, command);
187     }
188     IAM_LOGI("end");
189 }
190 
FuzzExecutorCallbackServiceOnSetProperty(Parcel & parcel)191 void FuzzExecutorCallbackServiceOnSetProperty(Parcel &parcel)
192 {
193     IAM_LOGI("start");
194     std::vector<uint8_t> attr;
195     Common::FillFuzzUint8Vector(parcel, attr);
196     Attributes properties(attr);
197     if (g_ExecutorCallbackService != nullptr) {
198         g_ExecutorCallbackService->OnSetProperty(properties);
199     }
200     IAM_LOGI("end");
201 }
202 
FuzzExecutorCallbackServiceOnGetProperty(Parcel & parcel)203 void FuzzExecutorCallbackServiceOnGetProperty(Parcel &parcel)
204 {
205     IAM_LOGI("start");
206     std::vector<uint8_t> attr;
207     Common::FillFuzzUint8Vector(parcel, attr);
208     Attributes condition(attr);
209     Attributes values;
210     if (g_ExecutorCallbackService != nullptr) {
211         g_ExecutorCallbackService->OnGetProperty(condition, values);
212     }
213     IAM_LOGI("end");
214 }
215 
FuzzExecutorCallbackServiceOnSendData(Parcel & parcel)216 void FuzzExecutorCallbackServiceOnSendData(Parcel &parcel)
217 {
218     IAM_LOGI("start");
219     uint64_t scheduleId = parcel.ReadUint64();
220     Attributes data;
221     if (g_ExecutorCallbackService != nullptr) {
222         g_ExecutorCallbackService->OnSendData(scheduleId, data);
223     }
224     IAM_LOGI("end");
225 }
226 
FuzzExecutorMessengerClientSendData(Parcel & parcel)227 void FuzzExecutorMessengerClientSendData(Parcel &parcel)
228 {
229     IAM_LOGI("start");
230     uint64_t scheduleId = parcel.ReadUint64();
231     auto dstRole = static_cast<ExecutorRole>(parcel.ReadInt32());
232     std::vector<uint8_t> testMessage;
233     Common::FillFuzzUint8Vector(parcel, testMessage);
234     auto msg = AuthMessage::As(testMessage);
235     if (g_ExecutorMessengerClient != nullptr) {
236         g_ExecutorMessengerClient->SendData(scheduleId, dstRole, msg);
237     }
238     IAM_LOGI("end");
239 }
240 
FuzzExecutorMessengerClientFinish(Parcel & parcel)241 void FuzzExecutorMessengerClientFinish(Parcel &parcel)
242 {
243     IAM_LOGI("start");
244     uint64_t scheduleId = parcel.ReadUint64();
245     int32_t resultCode = parcel.ReadInt32();
246     std::vector<uint8_t> attr;
247     Common::FillFuzzUint8Vector(parcel, attr);
248     Attributes finalResult(attr);
249     if (g_ExecutorMessengerClient != nullptr) {
250         g_ExecutorMessengerClient->Finish(scheduleId, resultCode, finalResult);
251     }
252     IAM_LOGI("end");
253 }
254 
255 using FuzzFunc = decltype(FuzzCoAuthClientRegister);
256 FuzzFunc *g_fuzzFuncs[] = {
257     FuzzCoAuthClientRegister,
258     FuzzCoAuthClientUnregister,
259     FuzzExecutorCallbackServiceOnMessengerReady,
260     FuzzExecutorCallbackServiceOnBeginExecute,
261     FuzzExecutorCallbackServiceOnEndExecute,
262     FuzzExecutorCallbackServiceOnSetProperty,
263     FuzzExecutorCallbackServiceOnGetProperty,
264     FuzzExecutorCallbackServiceOnSendData,
265     FuzzExecutorMessengerClientSendData,
266     FuzzExecutorMessengerClientFinish,
267 };
268 
CoAuthClientFuzzTest(const uint8_t * data,size_t size)269 void CoAuthClientFuzzTest(const uint8_t *data, size_t size)
270 {
271     Parcel parcel;
272     parcel.WriteBuffer(data, size);
273     parcel.RewindRead(0);
274     uint32_t index = parcel.ReadUint32() % (sizeof(g_fuzzFuncs) / sizeof(FuzzFunc *));
275     auto fuzzFunc = g_fuzzFuncs[index];
276     fuzzFunc(parcel);
277     return;
278 }
279 } // namespace
280 } // namespace UserAuth
281 } // namespace UserIam
282 } // namespace OHOS
283 
284 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)285 extern "C" int32_t LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
286 {
287     OHOS::UserIam::UserAuth::CoAuthClientFuzzTest(data, size);
288     return 0;
289 }
290