From 909017773a9a4dd15b1536343fb4ef4243da99fd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=9F=A6=E5=9B=BD=E5=BA=86?= <weiguoqing2@huawei.com>
Date: Wed, 25 Jun 2025 17:46:27 +0800
Subject: [PATCH] add FUZZ
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: 韦国庆 <weiguoqing2@huawei.com>
---
 test/commonfuzztest/BUILD.gn                  |  1 +
 .../authpinauth_fuzzer/BUILD.gn               | 80 +++++++++++++++++++
 .../auth_pin_auth_fuzzer.cpp                  | 70 ++++++++++++++++
 .../authpinauth_fuzzer/auth_pin_auth_fuzzer.h | 21 +++++
 .../authpinauth_fuzzer/corpus/init            | 13 +++
 .../authpinauth_fuzzer/project.xml            | 25 ++++++
 .../dm_auth_manager_fuzzer.cpp                | 57 ++++++++++++-
 7 files changed, 263 insertions(+), 4 deletions(-)
 create mode 100644 test/commonfuzztest/authpinauth_fuzzer/BUILD.gn
 create mode 100644 test/commonfuzztest/authpinauth_fuzzer/auth_pin_auth_fuzzer.cpp
 create mode 100644 test/commonfuzztest/authpinauth_fuzzer/auth_pin_auth_fuzzer.h
 create mode 100644 test/commonfuzztest/authpinauth_fuzzer/corpus/init
 create mode 100644 test/commonfuzztest/authpinauth_fuzzer/project.xml

diff --git a/test/commonfuzztest/BUILD.gn b/test/commonfuzztest/BUILD.gn
index b5f1f8d01..6ee840205 100644
--- a/test/commonfuzztest/BUILD.gn
+++ b/test/commonfuzztest/BUILD.gn
@@ -20,6 +20,7 @@ group("fuzztest") {
     "authenticatedevice_fuzzer:fuzztest",
     "authenticatedeviceservice_fuzzer:fuzztest",
     "authenticatedeviceserviceimpl_fuzzer:fuzztest",
+    "authpinauth_fuzzer:fuzztest",
     "dmauthmanager_fuzzer:fuzztest",
     "dmauthmanagerv2_fuzzer:fuzztest",
     "dmanonyous_fuzzer:fuzztest",
diff --git a/test/commonfuzztest/authpinauth_fuzzer/BUILD.gn b/test/commonfuzztest/authpinauth_fuzzer/BUILD.gn
new file mode 100644
index 000000000..9ab8575c5
--- /dev/null
+++ b/test/commonfuzztest/authpinauth_fuzzer/BUILD.gn
@@ -0,0 +1,80 @@
+# Copyright (c) 2025 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#####################hydra-fuzz###################
+import("//build/config/features.gni")
+import("//build/test.gni")
+import("//foundation/distributedhardware/device_manager/device_manager.gni")
+
+##############################fuzztest##########################################
+ohos_fuzztest("AuthPinAuthFuzzTest") {
+  module_out_path = fuzz_test_output_path
+  fuzz_config_file =
+      "${devicemanager_path}/test/commonfuzztest/authpinauth_fuzzer"
+
+  include_dirs = [
+    "${innerkits_path}/native_cpp/include",
+    "${servicesimpl_path}/include/ability",
+    "${servicesimpl_path}/include/adapter",
+    "${servicesimpl_path}/include/authentication_v2",
+    "${servicesimpl_path}/include/dependency/hichain",
+    "${servicesimpl_path}/include/dependency/softbus",
+    "${servicesimpl_path}/include/dependency/timer",
+  ]
+
+  cflags = [
+    "-g",
+    "-O0",
+    "-Dprivate=public",
+    "-Dprotected=public",
+    "-Werror",
+    "-Wno-unused-variable",
+    "-fno-omit-frame-pointer",
+  ]
+
+  sources = [ "auth_pin_auth_fuzzer.cpp"]
+
+  deps = [
+    "${innerkits_path}/native_cpp:devicemanagersdk",
+    "${services_path}:devicemanagerservicetest",
+    "${servicesimpl_path}:devicemanagerserviceimpl",
+    "${utils_path}:devicemanagerutilstest",
+  ]
+
+  external_deps = [
+    "cJSON:cjson",
+    "device_auth:deviceauth_sdk",
+    "device_info_manager:distributed_device_profile_common",
+    "device_info_manager:distributed_device_profile_sdk",
+    "dsoftbus:softbus_client",
+    "ffrt:libffrt",
+    "hilog:libhilog",
+    "init:libbegetutil",
+    "ipc:ipc_single",
+    "safwk:system_ability_fwk",
+  ]
+
+  defines = [
+    "HI_LOG_ENABLE",
+    "DH_LOG_TAG=\"AuthPinAuthFuzzTest\"",
+    "LOG_DOMAIN=0xD004110",
+  ]
+}
+
+###############################################################################
+group("fuzztest") {
+  testonly = true
+
+  deps = [ ":AuthPinAuthFuzzTest" ]
+}
+###############################################################################
diff --git a/test/commonfuzztest/authpinauth_fuzzer/auth_pin_auth_fuzzer.cpp b/test/commonfuzztest/authpinauth_fuzzer/auth_pin_auth_fuzzer.cpp
new file mode 100644
index 000000000..57f4b469b
--- /dev/null
+++ b/test/commonfuzztest/authpinauth_fuzzer/auth_pin_auth_fuzzer.cpp
@@ -0,0 +1,70 @@
+/*
+ * Copyright (c) 2025 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "auth_pin_auth_fuzzer.h"
+
+#include <fuzzer/FuzzedDataProvider.h>
+#include <string>
+
+#include "device_manager_service_listener.h"
+#include "dm_auth_state.h"
+#include "dm_auth_state_machine.h"
+#include "dm_freeze_process.h"
+
+namespace OHOS {
+namespace DistributedHardware {
+void AuthPinAuthFuzzTest(const uint8_t* data, size_t size)
+{
+    if ((data == nullptr) || (size < sizeof(int32_t))) {
+        return;
+    }
+    FreezeProcess freezeProcess;
+    FuzzedDataProvider fdp(data, size);
+    std::shared_ptr<DmAuthContext> context = std::make_shared<DmAuthContext>();
+    context->transmitData = fdp.ConsumeRandomLengthString();
+    context->requestId = fdp.ConsumeIntegral<int64_t>();
+    context->accesser.userId = fdp.ConsumeIntegral<int32_t>();
+    
+    std::shared_ptr<DmAuthState> auth1 = std::make_shared<AuthSrcPinAuthStartState>();
+    std::shared_ptr<DmAuthState> auth2 = std::make_shared<AuthSinkPinAuthDoneState>();
+    std::shared_ptr<AuthSrcPinNegotiateStartState> auth3 = std::make_shared<AuthSrcPinNegotiateStartState>();
+    std::shared_ptr<AuthSrcPinInputState> auth4 = std::make_shared<AuthSrcPinInputState>();
+    std::shared_ptr<DmAuthState> auth5 = std::make_shared<AuthSrcReverseUltrasonicStartState>();
+    std::shared_ptr<DmAuthState> auth6 = std::make_shared<AuthSrcForwardUltrasonicStartState>();
+    std::shared_ptr<DmAuthState> auth7 = std::make_shared<AuthSinkReverseUltrasonicDoneState>();
+    std::shared_ptr<DmAuthState> auth8 = std::make_shared<AuthSinkForwardUltrasonicDoneState>();
+    auth1->GetStateType();
+    auth2->GetStateType();
+    int32_t credType = fdp.ConsumeIntegral<int32_t>();
+    auth3->GetCredIdByCredType(context, credType);
+    context->isAppCredentialVerified = true;
+    context->accesser.isGenerateLnnCredential = false;
+    context->listener = std::make_shared<DeviceManagerServiceListener>();
+    auth4->ShowStartAuthDialog(context);
+    auth5->GetStateType();
+    auth6->GetStateType();
+    auth7->GetStateType();
+    auth8->GetStateType();
+}
+}
+}
+
+/* Fuzzer entry point */
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+    /* Run your code on data */
+    OHOS::DistributedHardware::AuthPinAuthFuzzTest(data, size);
+    return 0;
+}
\ No newline at end of file
diff --git a/test/commonfuzztest/authpinauth_fuzzer/auth_pin_auth_fuzzer.h b/test/commonfuzztest/authpinauth_fuzzer/auth_pin_auth_fuzzer.h
new file mode 100644
index 000000000..d9a1a29ba
--- /dev/null
+++ b/test/commonfuzztest/authpinauth_fuzzer/auth_pin_auth_fuzzer.h
@@ -0,0 +1,21 @@
+/*
+ * Copyright (c) 2025 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef AUTH_PIN_AUTH_FUZZER_H
+#define AUTH_PIN_AUTH_FUZZER_H
+
+#define FUZZ_PROJECT_NAME "authpinauth_fuzzer"
+
+#endif // AUTH_PIN_AUTH_FUZZER_H
\ No newline at end of file
diff --git a/test/commonfuzztest/authpinauth_fuzzer/corpus/init b/test/commonfuzztest/authpinauth_fuzzer/corpus/init
new file mode 100644
index 000000000..8f37f0925
--- /dev/null
+++ b/test/commonfuzztest/authpinauth_fuzzer/corpus/init
@@ -0,0 +1,13 @@
+# Copyright (c) 2025 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+FUZZ
\ No newline at end of file
diff --git a/test/commonfuzztest/authpinauth_fuzzer/project.xml b/test/commonfuzztest/authpinauth_fuzzer/project.xml
new file mode 100644
index 000000000..500f6f414
--- /dev/null
+++ b/test/commonfuzztest/authpinauth_fuzzer/project.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (c) 2025 Huawei Device Co., Ltd.
+
+     Licensed under the Apache License, Version 2.0 (the "License");
+     you may not use this file except in compliance with the License.
+     You may obtain a copy of the License at
+
+          http://www.apache.org/licenses/LICENSE-2.0
+
+     Unless required by applicable law or agreed to in writing, software
+     distributed under the License is distributed on an "AS IS" BASIS,
+     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+     See the License for the specific language governing permissions and
+     limitations under the License.
+-->
+<fuzz_config>
+  <fuzztest>
+    <!-- maximum length of a test input -->
+    <max_len>1000</max_len>
+    <!-- maximum total time in seconds to run the fuzzer -->
+    <max_total_time>300</max_total_time>
+    <!-- memory usage limit in Mb -->
+    <rss_limit_mb>4096</rss_limit_mb>
+  </fuzztest>
+</fuzz_config>
\ No newline at end of file
diff --git a/test/commonfuzztest/dmauthmanagerv2_fuzzer/dm_auth_manager_fuzzer.cpp b/test/commonfuzztest/dmauthmanagerv2_fuzzer/dm_auth_manager_fuzzer.cpp
index 8b077a2c0..55d9ba976 100644
--- a/test/commonfuzztest/dmauthmanagerv2_fuzzer/dm_auth_manager_fuzzer.cpp
+++ b/test/commonfuzztest/dmauthmanagerv2_fuzzer/dm_auth_manager_fuzzer.cpp
@@ -13,11 +13,15 @@
  * limitations under the License.
  */
 
-#include <string>
+#include "dm_auth_manager_fuzzer.h"
+
 #include <fuzzer/FuzzedDataProvider.h>
-#include "device_manager_service_listener.h"
+#include <string>
+
 #include "auth_manager.h"
-#include "dm_auth_manager_fuzzer.h"
+#include "device_manager_service_listener.h"
+#include "dm_auth_context.h"
+#include "dm_auth_state_machine.h"
 
 namespace OHOS {
 namespace DistributedHardware {
@@ -38,7 +42,7 @@ int64_t g_operationCode = 1;
 int64_t g_localSessionId = 1;
 
 std::map<std::string, std::string> g_bindParam;
-
+const char* PARAM_KEY_AUTH_TYPE = "AUTH_TYPE";
 PeerTargetId g_targetId = {
     .deviceId = "deviceId",
     .brMac = "brMac",
@@ -111,6 +115,50 @@ void DmAuthSinkManagerFuzzTest(const uint8_t* data, size_t size)
     authManager->OnDataReceived(g_sessionId, str);
     authManager->OnAuthDeviceDataReceived(g_sessionId, str);
 }
+
+void DmAuthManagerV2FuzzTest(const uint8_t* data, size_t size)
+{
+    if ((data == nullptr) || (size < sizeof(int32_t))) {
+        return;
+    }
+    std::shared_ptr<SoftbusConnector> softbusConnector = std::make_shared<SoftbusConnector>();
+    std::shared_ptr<IDeviceManagerServiceListener> listener = std::make_shared<DeviceManagerServiceListener>();
+    std::shared_ptr<HiChainAuthConnector> hiChainAuthConnector = std::make_shared<HiChainAuthConnector>();
+    std::shared_ptr<HiChainConnector> hiChainConnector = std::make_shared<HiChainConnector>();
+    FuzzedDataProvider fdp(data, size);
+    int32_t sessionId = fdp.ConsumeIntegral<int32_t>();
+    int32_t sessionSide = fdp.ConsumeIntegral<int32_t>();
+    int32_t result = fdp.ConsumeIntegral<int32_t>();
+    int64_t requestId = fdp.ConsumeIntegral<int64_t>();
+    int32_t errorCode = fdp.ConsumeIntegral<int32_t>();
+    uint64_t logicalSessionId = fdp.ConsumeIntegral<uint64_t>();
+    int32_t authType = fdp.ConsumeIntegral<int32_t>();
+    PeerTargetId targetId = {
+        .deviceId = fdp.ConsumeRandomLengthString(),
+        .brMac = fdp.ConsumeRandomLengthString(),
+        .bleMac = fdp.ConsumeRandomLengthString(),
+        .wifiIp = fdp.ConsumeRandomLengthString(),
+        .wifiPort = fdp.ConsumeIntegral<uint16_t>(),
+    };
+    std::map<std::string, std::string> bindParam = { { "key1", fdp.ConsumeRandomLengthString() },
+        { "key2", fdp.ConsumeRandomLengthString() }, { PARAM_KEY_AUTH_TYPE, "1" } };
+    std::string pkgName = fdp.ConsumeRandomLengthString();
+    std::string deviceId = fdp.ConsumeRandomLengthString();
+    std::string extra = fdp.ConsumeRandomLengthString();
+    std::shared_ptr<AuthManager> authSrcManager =
+        std::make_shared<AuthSrcManager>(softbusConnector, hiChainConnector, listener, hiChainAuthConnector);
+    std::shared_ptr<AuthManager> authSinkManager =
+        std::make_shared<AuthSinkManager>(softbusConnector, hiChainConnector, listener, hiChainAuthConnector);
+    authSrcManager->BindTarget(pkgName, targetId, bindParam, sessionId, logicalSessionId);
+    authSrcManager->GetAuthParam(pkgName, authType, deviceId, extra);
+    authSinkManager->OnSessionOpened(sessionId, sessionSide, result);
+    authSrcManager->OnSessionDisable();
+    authSrcManager->GetIsCryptoSupport();
+    authSinkManager->GetBindTargetParams(pkgName, targetId, bindParam);
+    authSinkManager->SetBindTargetParams(targetId);
+    authSinkManager->ClearSoftbusSessionCallback();
+    authSinkManager->PrepareSoftbusSessionCallback();
+}
 }
 }
 
@@ -120,5 +168,6 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
     /* Run your code on data */
     OHOS::DistributedHardware::DmAuthSrcManagerFuzzTest(data, size);
     OHOS::DistributedHardware::DmAuthSinkManagerFuzzTest(data, size);
+    OHOS::DistributedHardware::DmAuthManagerV2FuzzTest(data, size);
     return 0;
 }
\ No newline at end of file
-- 
Gitee