diff --git a/test/servicesfuzztest/BUILD.gn b/test/servicesfuzztest/BUILD.gn index c189eb8b0adb0ac948c10790209b24b41f56467c..074d1cd33715a9f81bbaddd058e4493560e36ee3 100644 --- a/test/servicesfuzztest/BUILD.gn +++ b/test/servicesfuzztest/BUILD.gn @@ -16,6 +16,7 @@ group("fuzztest") { deps = [ "authconfirm_fuzzer:fuzztest", + "authmanager_fuzzer:fuzztest", "authmessageprocessor_fuzzer:fuzztest", "cryptomgr_fuzzer:fuzztest", "devicediscovery_fuzzer:fuzztest", diff --git a/test/servicesfuzztest/authmanager_fuzzer/BUILD.gn b/test/servicesfuzztest/authmanager_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..c2add4c2d3e2dec16c3e15b5de7c93fe3a0eac8a --- /dev/null +++ b/test/servicesfuzztest/authmanager_fuzzer/BUILD.gn @@ -0,0 +1,77 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") +import("//foundation/distributedhardware/device_manager/device_manager.gni") + +##############################fuzztest########################################## +ohos_fuzztest("AuthManagerFuzzTest") { + module_out_path = fuzz_test_output_path + fuzz_config_file = + "${devicemanager_path}/test/servicesfuzztest/authmanager_fuzzer" + + include_dirs = [ + "${innerkits_path}/native_cpp/include", + "${innerkits_path}/native_cpp/include/ipc", + "${innerkits_path}/native_cpp/include/ipc/standard", + ] + + cflags = [ + "-g", + "-O0", + "-Dprivate=public", + "-Dprotected=public", + "-Werror", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + sources = [ "auth_manager_fuzzer.cpp" ] + + deps = [ + "${innerkits_path}/native_cpp:devicemanagersdk", + "${json_path}:devicemanagerjson", + "${services_path}:devicemanagerservicetest", + "${servicesimpl_path}:devicemanagerserviceimpl", + ] + + external_deps = [ + "bounds_checking_function:libsec_shared", + "device_auth:deviceauth_sdk", + "device_info_manager:distributed_device_profile_common", + "device_info_manager:distributed_device_profile_sdk", + "dsoftbus:softbus_client", + "ffrt:libffrt", + "hilog:libhilog", + "init:libbegetutil", + "ipc:ipc_single", + "kv_store:distributeddata_inner", + "samgr:samgr_proxy", + ] + + defines = [ + "HI_LOG_ENABLE", + "DH_LOG_TAG=\"AuthManagerFuzzTest\"", + "LOG_DOMAIN=0xD004110", + ] +} + +############################################################################### +group("fuzztest") { + testonly = true + + deps = [ ":AuthManagerFuzzTest" ] +} +############################################################################### diff --git a/test/servicesfuzztest/authmanager_fuzzer/auth_manager_fuzzer.cpp b/test/servicesfuzztest/authmanager_fuzzer/auth_manager_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..f5026935e9549c36f04c656b654dc0a4f983793b --- /dev/null +++ b/test/servicesfuzztest/authmanager_fuzzer/auth_manager_fuzzer.cpp @@ -0,0 +1,410 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include +#include + +#include "auth_manager_fuzzer.h" + +#include "auth_manager.h" +#include "deviceprofile_connector.h" +#include "device_manager_service_listener.h" +#include "dm_anonymous.h" +#include "dm_auth_context.h" +#include "dm_auth_manager_base.h" +#include "auth_manager.h" +#include "dm_auth_state_machine.h" +#include "dm_constants.h" +#include "dm_crypto.h" +#include "dm_log.h" + + +namespace OHOS { +namespace DistributedHardware { +namespace { + std::shared_ptr dmAuthMessageProcessor_ = std::make_shared(); + std::shared_ptr softbusConnector = std::make_shared(); + std::shared_ptr listener = std::make_shared(); + std::shared_ptr hiChainAuthConnector = std::make_shared(); + std::shared_ptr hiChainConnector = std::make_shared(); + std::shared_ptr authManager = std::make_shared(softbusConnector, + hiChainConnector, listener, hiChainAuthConnector); + std::shared_ptr context_ = authManager->GetAuthContext(); + std::shared_ptr authSinkManager = std::make_shared(softbusConnector, hiChainConnector, + listener, hiChainAuthConnector); +} + +void ConvertSrcVersionFuzzTest(FuzzedDataProvider &fdp) +{ + std::string version = fdp.ConsumeRandomLengthString(); + std::string edition = fdp.ConsumeRandomLengthString(); + CleanNotifyCallback cleanNotifyCallback; + authManager->RegisterCleanNotifyCallback(cleanNotifyCallback); + authManager->SetAuthContext(context_); + authManager->GetAuthContext(); + authManager->GeneratePincode(); + authManager->ConvertSrcVersion(version, edition); +} + +void RegisterUiStateCallbackFuzzTest(FuzzedDataProvider &fdp) +{ + std::string pkgName = fdp.ConsumeRandomLengthString(); + authManager->RegisterUiStateCallback(pkgName); +} + +void UnRegisterUiStateCallbackFuzzTest(FuzzedDataProvider &fdp) +{ + std::string pkgName = fdp.ConsumeRandomLengthString(); + authManager->UnRegisterUiStateCallback(pkgName); +} + +void UnAuthenticateDeviceFuzzTest(FuzzedDataProvider &fdp) +{ + std::string pkgName = fdp.ConsumeRandomLengthString(); + std::string udid = fdp.ConsumeRandomLengthString(); + int32_t bindLevel = fdp.ConsumeIntegral(); + authManager->UnAuthenticateDevice(pkgName, udid, bindLevel); +} + +void ImportAuthCodeFuzzTest(FuzzedDataProvider &fdp) +{ + std::string pkgName = fdp.ConsumeRandomLengthString(); + std::string authCode = fdp.ConsumeRandomLengthString(); + authManager->ImportAuthCode(pkgName, authCode); +} + +void UnBindDeviceFuzzTest(FuzzedDataProvider &fdp) +{ + std::string pkgName = fdp.ConsumeRandomLengthString(); + int32_t bindLevel = fdp.ConsumeIntegral(); + std::string udid = fdp.ConsumeRandomLengthString(); + std::string extra = fdp.ConsumeRandomLengthString(); + authManager->UnBindDevice(pkgName, udid, bindLevel, extra); +} + +void StopAuthenticateDeviceFuzzTest(FuzzedDataProvider &fdp) +{ + std::string pkgName = fdp.ConsumeRandomLengthString(); + authManager->StopAuthenticateDevice(pkgName); + authManager->OnScreenLocked(); +} + +void HandleDeviceNotTrustFuzzTest(FuzzedDataProvider &fdp) +{ + std::string udid = fdp.ConsumeRandomLengthString(); + authManager->HandleDeviceNotTrust(udid); +} + +void RegisterAuthenticationTypeFuzzTest(FuzzedDataProvider &fdp) +{ + int32_t authenticationType = fdp.ConsumeIntegral(); + authManager->RegisterAuthenticationType(authenticationType); + authManager->GetReason(); +} + +void AuthDeviceSessionKeyFuzzTest(FuzzedDataProvider &fdp) +{ + int64_t requestId = fdp.ConsumeIntegral(); + uint8_t sessionKey = fdp.ConsumeIntegral(); + uint32_t sessionKeyLen = fdp.ConsumeIntegral(); + authManager->AuthDeviceSessionKey(requestId, &sessionKey, sessionKeyLen); +} + +void AuthDeviceRequestFuzzTest(FuzzedDataProvider &fdp) +{ + int64_t requestId = fdp.ConsumeIntegral(); + int operationCode = fdp.ConsumeIntegral(); + const char* reqParams = fdp.ConsumeRandomLengthString().c_str(); + authManager->AuthDeviceRequest(requestId, operationCode, reqParams); +} + +void SetAuthTypeFuzzTest(FuzzedDataProvider &fdp) +{ + int32_t authType = fdp.ConsumeIntegral(); + authManager->SetAuthType(authType); +} + +void IsAuthTypeSupportedFuzzTest(FuzzedDataProvider &fdp) +{ + int32_t authType = fdp.ConsumeIntegral(); + authManager->IsAuthTypeSupported(authType); +} + +void CheckAuthParamVaildFuzzTest(FuzzedDataProvider &fdp) +{ + std::string pkgName = fdp.ConsumeRandomLengthString(); + std::string deviceId = fdp.ConsumeRandomLengthString(); + std::string extra = fdp.ConsumeRandomLengthString(); + int32_t authType = fdp.ConsumeIntegral(); + authManager->CheckAuthParamVaild(pkgName, authType, deviceId, extra); +} + +void ParseHmlInfoInJsonObjectFuzzTest(FuzzedDataProvider &fdp) +{ + JsonObject jsonObject; + jsonObject[PARAM_KEY_CONN_SESSIONTYPE] = fdp.ConsumeRandomLengthString(); + jsonObject[PARAM_KEY_HML_ENABLE_160M] = fdp.ConsumeBool(); + jsonObject[PARAM_KEY_HML_ACTIONID] = fdp.ConsumeRandomLengthString(); + authManager->ParseHmlInfoInJsonObject(jsonObject); +} + +void ParseJsonObjectFuzzTest(FuzzedDataProvider &fdp) +{ + JsonObject jsonObject; + jsonObject[APP_OPERATION_KEY] = fdp.ConsumeRandomLengthString(); + jsonObject[CUSTOM_DESCRIPTION_KEY] = fdp.ConsumeRandomLengthString(); + jsonObject[TAG_APP_THUMBNAIL2] = fdp.ConsumeRandomLengthString(); + jsonObject[PARAM_CLOSE_SESSION_DELAY_SECONDS] = fdp.ConsumeRandomLengthString(); + jsonObject[TAG_PEER_PKG_NAME] = fdp.ConsumeRandomLengthString(); + authManager->ParseJsonObject(jsonObject); +} + +void GetTokenIdByBundleNameFuzzTest(FuzzedDataProvider &fdp) +{ + int32_t userId = fdp.ConsumeIntegral(); + std::string bundleName = fdp.ConsumeRandomLengthString(); + int64_t tokenId = fdp.ConsumeIntegral(); + authManager->GetTokenIdByBundleName(userId, bundleName, tokenId); +} + +void GetBindLevelFuzzTest(FuzzedDataProvider &fdp) +{ + int32_t bindLevel = fdp.ConsumeIntegral(); + authManager->GetBindLevel(bindLevel); +} + +void GetAuthParamFuzzTest(FuzzedDataProvider &fdp) +{ + int32_t authType = fdp.ConsumeIntegral(); + std::string pkgName = fdp.ConsumeRandomLengthString(); + std::string deviceId = fdp.ConsumeRandomLengthString(); + std::string extra = fdp.ConsumeRandomLengthString(); + authManager->GetAuthParam(pkgName, authType, deviceId, extra); +} + +void InitAuthStateFuzzTest(FuzzedDataProvider &fdp) +{ + int32_t authType = fdp.ConsumeIntegral(); + std::string pkgName = fdp.ConsumeRandomLengthString(); + std::string deviceId = fdp.ConsumeRandomLengthString(); + std::string extra = fdp.ConsumeRandomLengthString(); + authManager->InitAuthState(pkgName, authType, deviceId, extra); +} + +void AuthenticateDeviceFuzzTest(FuzzedDataProvider &fdp) +{ + int32_t authType = fdp.ConsumeIntegral(); + std::string pkgName = fdp.ConsumeRandomLengthString(); + std::string deviceId = fdp.ConsumeRandomLengthString(); + std::string extra = fdp.ConsumeRandomLengthString(); + authManager->AuthenticateDevice(pkgName, authType, deviceId, extra); +} + +void AuthDeviceErrorFuzzTest(FuzzedDataProvider &fdp) +{ + int64_t requestId = fdp.ConsumeIntegral(); + int32_t errorCode = fdp.ConsumeIntegral(); + authManager->AuthDeviceError(requestId, errorCode); +} + +void AuthDeviceFinishFuzzTest(FuzzedDataProvider &fdp) +{ + int64_t requestId = fdp.ConsumeIntegral(); + authManager->AuthDeviceFinish(requestId); +} + +void GetPinCodeFuzzTest(FuzzedDataProvider &fdp) +{ + std::string code = fdp.ConsumeRandomLengthString(); + authManager->GetPinCode(code); +} + +void GetAuthCodeAndPkgNameFuzzTest(FuzzedDataProvider &fdp) +{ + std::string pkgName = fdp.ConsumeRandomLengthString(); + std::string authCode = fdp.ConsumeRandomLengthString(); + authManager->GetAuthCodeAndPkgName(pkgName, authCode); +} + +void IsAuthCodeReadyFuzzTest(FuzzedDataProvider &fdp) +{ + std::string pkgName = fdp.ConsumeRandomLengthString(); + authManager->IsAuthCodeReady(pkgName); +} + +void ParseUltrasonicSideFuzzTest(FuzzedDataProvider &fdp) +{ + JsonObject jsonObject; + jsonObject[TAG_ULTRASONIC_SIDE] = fdp.ConsumeRandomLengthString(); + authManager->ParseUltrasonicSide(jsonObject); +} + +void BindTargetFuzzTest(FuzzedDataProvider &fdp) +{ + std::string pkgName = fdp.ConsumeRandomLengthString(); + PeerTargetId targetId; + std::map bindParam; + int sessionId = fdp.ConsumeIntegral(); + uint64_t logicalSessionId = fdp.ConsumeIntegral(); + authManager->BindTarget(pkgName, targetId, bindParam, sessionId, logicalSessionId); +} + +void OnSessionClosedFuzzTest(FuzzedDataProvider &fdp) +{ + int32_t sessionId = fdp.ConsumeIntegral(); + authSinkManager->OnSessionClosed(sessionId); +} + +void OnDataReceivedFuzzTest(FuzzedDataProvider &fdp) +{ + int32_t sessionId = fdp.ConsumeIntegral(); + std::string message = fdp.ConsumeRandomLengthString(); + authSinkManager->OnDataReceived(sessionId, message); + authSinkManager->GetIsCryptoSupport(); +} + +void GetRemoteDeviceIdFuzzTest(FuzzedDataProvider &fdp) +{ + std::string deviceId = fdp.ConsumeRandomLengthString(); + authManager->GetRemoteDeviceId(deviceId); +} + +void OnUserOperationFuzzTest(FuzzedDataProvider &fdp) +{ + int32_t action = fdp.ConsumeIntegral(); + std::string params = fdp.ConsumeRandomLengthString(); + authSinkManager->OnUserOperation(action, params); +} + +void OnSessionOpenedFuzzTest(FuzzedDataProvider &fdp) +{ + int32_t sessionId = fdp.ConsumeIntegral(); + int32_t sessionSide = fdp.ConsumeIntegral(); + int32_t result = fdp.ConsumeIntegral(); + authManager->OnSessionOpened(sessionId, sessionSide, result); +} + +void OnSrcSessionClosedFuzzTest(FuzzedDataProvider &fdp) +{ + int32_t sessionId = fdp.ConsumeIntegral(); + authManager->OnSessionClosed(sessionId); +} + +void OnSrcDataReceivedFuzzTest(FuzzedDataProvider &fdp) +{ + int32_t sessionId = fdp.ConsumeIntegral(); + std::string message = fdp.ConsumeRandomLengthString(); + authManager->OnDataReceived(sessionId, message); + authManager->OnSessionDisable(); + authManager->GetIsCryptoSupport(); +} + +void OnSrcUserOperationFuzzTest(FuzzedDataProvider &fdp) +{ + int32_t action = fdp.ConsumeIntegral(); + std::string params = fdp.ConsumeRandomLengthString(); + authManager->OnUserOperation(action, params); +} + +void AuthDeviceTransmitFuzzTest(FuzzedDataProvider &fdp) +{ + int64_t requestId = fdp.ConsumeIntegral(); + uint8_t data = fdp.ConsumeIntegral(); + uint32_t dataLen = fdp.ConsumeIntegral(); + authManager->AuthDeviceTransmit(requestId, &data, dataLen); +} + +void AuthSinkDeviceTransmitFuzzTest(FuzzedDataProvider &fdp) +{ + int64_t requestId = fdp.ConsumeIntegral(); + uint8_t data = fdp.ConsumeIntegral(); + uint32_t dataLen = fdp.ConsumeIntegral(); + authSinkManager->AuthDeviceTransmit(requestId, &data, dataLen); +} + +void AuthSinkDeviceSessionKeyFuzzTest(FuzzedDataProvider &fdp) +{ + int64_t requestId = fdp.ConsumeIntegral(); + uint8_t sessionKey = fdp.ConsumeIntegral(); + uint32_t sessionKeyLen = fdp.ConsumeIntegral(); + authSinkManager->AuthDeviceSessionKey(requestId, &sessionKey, sessionKeyLen); +} + +void AuthSinkDeviceRequestFuzzTest(FuzzedDataProvider &fdp) +{ + int64_t requestId = fdp.ConsumeIntegral(); + int operationCode = fdp.ConsumeIntegral(); + const char* reqParams = fdp.ConsumeRandomLengthString().c_str(); + authSinkManager->AuthDeviceRequest(requestId, operationCode, reqParams); + authManager->DeleteTimer(); + authManager->GetBindCallerInfo(); +} + +void AuthManagerFuzzTest(const uint8_t* data, size_t size) +{ + if ((data == nullptr) || (size == 0)) { + return; + } + FuzzedDataProvider fdp(data, size); + ConvertSrcVersionFuzzTest(fdp); + RegisterUiStateCallbackFuzzTest(fdp); + UnRegisterUiStateCallbackFuzzTest(fdp); + UnAuthenticateDeviceFuzzTest(fdp); + ImportAuthCodeFuzzTest(fdp); + UnBindDeviceFuzzTest(fdp); + StopAuthenticateDeviceFuzzTest(fdp); + HandleDeviceNotTrustFuzzTest(fdp); + RegisterAuthenticationTypeFuzzTest(fdp); + AuthDeviceSessionKeyFuzzTest(fdp); + AuthDeviceRequestFuzzTest(fdp); + SetAuthTypeFuzzTest(fdp); + IsAuthTypeSupportedFuzzTest(fdp); + ParseHmlInfoInJsonObjectFuzzTest(fdp); + CheckAuthParamVaildFuzzTest(fdp); + ParseJsonObjectFuzzTest(fdp); + GetBindLevelFuzzTest(fdp); + GetAuthParamFuzzTest(fdp); + InitAuthStateFuzzTest(fdp); + AuthDeviceErrorFuzzTest(fdp); + AuthDeviceFinishFuzzTest(fdp); + GetAuthCodeAndPkgNameFuzzTest(fdp); + GetPinCodeFuzzTest(fdp); + GetTokenIdByBundleNameFuzzTest(fdp); + AuthenticateDeviceFuzzTest(fdp); + BindTargetFuzzTest(fdp); + ParseUltrasonicSideFuzzTest(fdp); + IsAuthCodeReadyFuzzTest(fdp); + AuthSinkDeviceSessionKeyFuzzTest(fdp); + OnSessionClosedFuzzTest(fdp); + OnDataReceivedFuzzTest(fdp); + GetRemoteDeviceIdFuzzTest(fdp); + OnUserOperationFuzzTest(fdp); + OnSessionOpenedFuzzTest(fdp); + OnSrcSessionClosedFuzzTest(fdp); + OnSrcUserOperationFuzzTest(fdp); + AuthDeviceTransmitFuzzTest(fdp); + AuthSinkDeviceTransmitFuzzTest(fdp); + AuthSinkDeviceSessionKeyFuzzTest(fdp); + AuthSinkDeviceRequestFuzzTest(fdp); +} +} +} + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::DistributedHardware::AuthManagerFuzzTest(data, size); + return 0; +} diff --git a/test/servicesfuzztest/authmanager_fuzzer/auth_manager_fuzzer.h b/test/servicesfuzztest/authmanager_fuzzer/auth_manager_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..175ded70754c7aa60efd9338715183dab34a7820 --- /dev/null +++ b/test/servicesfuzztest/authmanager_fuzzer/auth_manager_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef AUTH_MANAGER_FUZZER_H +#define AUTH_MANAGER_FUZZER_H + +#define FUZZ_PROJECT_NAME "authmanager_fuzzer" + +#endif // AUTH_MANAGER_FUZZER_H diff --git a/test/servicesfuzztest/authmanager_fuzzer/corpus/init b/test/servicesfuzztest/authmanager_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..490dc43564005848ae0dfbd1d6f79cd81c28e2db --- /dev/null +++ b/test/servicesfuzztest/authmanager_fuzzer/corpus/init @@ -0,0 +1,13 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +FUZZ diff --git a/test/servicesfuzztest/authmanager_fuzzer/project.xml b/test/servicesfuzztest/authmanager_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..0aef325cd0f79cb8cfb98a9313436e3633dad54c --- /dev/null +++ b/test/servicesfuzztest/authmanager_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + +