1 /*
2  * Copyright (c) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "devauthservauthdevice_fuzzer.h"
17 #include "device_auth.h"
18 #include "device_auth_defines.h"
19 #include "hc_dev_info.h"
20 #include "hc_log.h"
21 #include "json_utils.h"
22 #include "securec.h"
23 #include <unistd.h>
24 
25 #define TEST_APP_NAME "ohos.security.deviceauth"
26 
27 namespace OHOS {
28     static char g_groupId[128] = { 0 };
29 
OnError(int64_t requestId,int operationCode,int errorCode,const char * errorReturn)30     static void OnError(int64_t requestId, int operationCode, int errorCode, const char *errorReturn)
31     {
32         LOGE("error return: %s", errorReturn);
33     }
34 
OnFinish(int64_t requestId,int operationCode,const char * authReturn)35     static void OnFinish(int64_t requestId, int operationCode, const char *authReturn)
36     {
37         LOGI("return value: %s", authReturn);
38         if (operationCode == GROUP_CREATE) {
39             CJson *json = CreateJsonFromString(authReturn);
40             if (json != nullptr) {
41                 const char *data = GetStringFromJson(json, FIELD_GROUP_ID);
42                 if (data != nullptr) {
43                     (void)memcpy_s(g_groupId, sizeof(g_groupId), data, strlen(data));
44                     g_groupId[strlen(data)] = 0;
45                 }
46                 FreeJson(json);
47             }
48         }
49     }
50 
OnSessionKeyReturned(int64_t requestId,const uint8_t * sessionKey,uint32_t sessionKeyLen)51     static void OnSessionKeyReturned(int64_t requestId, const uint8_t *sessionKey, uint32_t sessionKeyLen) {}
52 
OnTransmit(int64_t requestId,const uint8_t * data,uint32_t dataLen)53     static bool OnTransmit(int64_t requestId, const uint8_t *data, uint32_t dataLen)
54     {
55         return true;
56     }
57 
OnRequest(int64_t requestId,int operationCode,const char * reqParam)58     static char *OnRequest(int64_t requestId, int operationCode, const char* reqParam)
59     {
60         return nullptr;
61     }
62 
63     static DeviceAuthCallback g_devAuthCallback = {
64         .onTransmit = OnTransmit,
65         .onSessionKeyReturned = OnSessionKeyReturned,
66         .onFinish = OnFinish,
67         .onError = OnError,
68         .onRequest = OnRequest,
69     };
70 
GenerateAuthParamsJson(CJson * json,const char * deviceId)71     static void GenerateAuthParamsJson(CJson *json, const char *deviceId)
72     {
73         AddStringToJson(json, FIELD_PEER_CONN_DEVICE_ID, deviceId);
74         AddStringToJson(json, FIELD_SERVICE_PKG_NAME, TEST_APP_NAME);
75         AddBoolToJson(json, FIELD_IS_CLIENT, true);
76         AddBoolToJson(json, FIELD_IS_DEVICE_LEVEL, true);
77     }
78 
FuzzDoAuthDevice(const uint8_t * data,size_t size)79     bool FuzzDoAuthDevice(const uint8_t* data, size_t size)
80     {
81         if (data == nullptr) {
82             return false;
83         }
84         InitDeviceAuthService();
85         std::string appId(reinterpret_cast<const char *>(data), size);
86         const DeviceGroupManager *gmInstance = GetGmInstance();
87         gmInstance->regCallback(appId.c_str(), &g_devAuthCallback);
88         CJson *createJson = CreateJson();
89         AddStringToJson(createJson, FIELD_GROUP_NAME, appId.c_str());
90         char localUdid[INPUT_UDID_LEN] = { 0 };
91         HcGetUdid(reinterpret_cast<uint8_t *>(localUdid), INPUT_UDID_LEN);
92         AddStringToJson(createJson, FIELD_DEVICE_ID, localUdid);
93         AddIntToJson(createJson, FIELD_GROUP_TYPE, PEER_TO_PEER_GROUP);
94         char *createParams = PackJsonToString(createJson);
95         FreeJson(createJson);
96         int64_t reqId = 123;
97         gmInstance->createGroup(0, reqId, appId.c_str(), createParams);
98         sleep(1);
99         ClearAndFreeJsonString(createParams);
100         std::string deviceId(reinterpret_cast<const char *>(data), size);
101         CJson *authParamsJson = CreateJson();
102         GenerateAuthParamsJson(authParamsJson, deviceId.c_str());
103         char *authParams = PackJsonToString(authParamsJson);
104         FreeJson(authParamsJson);
105         LOGI("auth params str:%s", authParams);
106         const GroupAuthManager *gaInstance = GetGaInstance();
107         gaInstance->authDevice(0, reqId, authParams, &g_devAuthCallback);
108         sleep(1);
109         ClearAndFreeJsonString(authParams);
110         DestroyDeviceAuthService();
111         return true;
112     }
113 }
114 
115 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)116 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
117 {
118     /* Run your code on data */
119     OHOS::FuzzDoAuthDevice(data, size);
120     return 0;
121 }
122 
123