From 1219fb27c05ccf2ea2f01aeac8b71920dd87219a Mon Sep 17 00:00:00 2001
From: wangbaidong <wangbaidong@huawei.com>
Date: Sat, 5 Jul 2025 20:01:52 +0800
Subject: [PATCH] add fuzz

Signed-off-by: wangbaidong <wangbaidong@huawei.com>
---
 .../authcredential_fuzzer/BUILD.gn            |  1 +
 .../auth_credential_fuzzer.cpp                | 51 +++++++++++++++++++
 .../dm_negotiate_process_fuzzer.cpp           | 44 ++++++++++++++++
 .../auth_manager_fuzzer.cpp                   | 46 +++++++++++++++++
 4 files changed, 142 insertions(+)

diff --git a/test/commonfuzztest/authcredential_fuzzer/BUILD.gn b/test/commonfuzztest/authcredential_fuzzer/BUILD.gn
index 5928e20dd..95b5069e4 100644
--- a/test/commonfuzztest/authcredential_fuzzer/BUILD.gn
+++ b/test/commonfuzztest/authcredential_fuzzer/BUILD.gn
@@ -46,6 +46,7 @@ ohos_fuzztest("AuthCredentialFuzzTest") {
 
   deps = [
     "${innerkits_path}/native_cpp:devicemanagersdk",
+    "${json_path}:devicemanagerjson",
     "${services_path}:devicemanagerservicetest",
     "${servicesimpl_path}:devicemanagerserviceimpl",
     "${utils_path}:devicemanagerutilstest",
diff --git a/test/commonfuzztest/authcredential_fuzzer/auth_credential_fuzzer.cpp b/test/commonfuzztest/authcredential_fuzzer/auth_credential_fuzzer.cpp
index df8f7027a..9e258bf0b 100644
--- a/test/commonfuzztest/authcredential_fuzzer/auth_credential_fuzzer.cpp
+++ b/test/commonfuzztest/authcredential_fuzzer/auth_credential_fuzzer.cpp
@@ -19,6 +19,7 @@
 #include <string>
 
 #include "device_manager_service_listener.h"
+#include "dm_auth_message_processor.h"
 #include "dm_auth_state.h"
 #include "dm_freeze_process.h"
 
@@ -26,6 +27,53 @@ namespace OHOS {
 namespace DistributedHardware {
 constexpr uint32_t SERVICE = 2;
 
+void DerivativeSessionKeyFuzzTest(const uint8_t* data, size_t size)
+{
+    if ((data == nullptr) || (size < sizeof(int32_t))) {
+        return;
+    }
+    FuzzedDataProvider fdp(data, size);
+    std::shared_ptr<DmAuthContext> context = std::make_shared<DmAuthContext>();
+    context->IsProxyBind = true;
+    context->accesser.userId = fdp.ConsumeIntegral<int32_t>();
+    context->accesser.transmitSessionKeyId = fdp.ConsumeIntegral<int32_t>();
+    DmProxyAuthContext dmProxyAuthContext;
+    context->subjectProxyOnes.push_back(dmProxyAuthContext);
+    std::shared_ptr<AuthSrcCredentialAuthDoneState> authPtr = std::make_shared<AuthSrcCredentialAuthDoneState>();
+    context->authMessageProcessor = std::make_shared<DmAuthMessageProcessor>();
+    authPtr->DerivativeSessionKey(context);
+}
+
+void DerivativeProxySessionKeyFuzzTest(const uint8_t* data, size_t size)
+{
+    if ((data == nullptr) || (size < sizeof(int32_t))) {
+        return;
+    }
+    FuzzedDataProvider fdp(data, size);
+    std::shared_ptr<DmAuthContext> context = std::make_shared<DmAuthContext>();
+    context->reUseCreId = fdp.ConsumeRandomLengthString();
+    context->IsProxyBind = true;
+    context->accesser.isAuthed = true;
+    context->accesser.deviceIdHash = fdp.ConsumeRandomLengthString();
+    context->accessee.deviceIdHash = fdp.ConsumeRandomLengthString();
+    context->accesser.tokenIdHash = fdp.ConsumeRandomLengthString();
+    context->accessee.tokenIdHash = fdp.ConsumeRandomLengthString();
+    context->accesser.userId = fdp.ConsumeIntegral<int32_t>();
+    context->accesser.transmitSkTimeStamp = fdp.ConsumeIntegral<int64_t>();
+    context->accesser.transmitSessionKeyId = fdp.ConsumeIntegral<int32_t>();
+    context->authMessageProcessor = std::make_shared<DmAuthMessageProcessor>();
+    DmProxyAuthContext dmProxyAuthContext;
+    context->subjectProxyOnes.push_back(dmProxyAuthContext);
+    std::shared_ptr<AuthSrcCredentialAuthDoneState> authSrcPtr = std::make_shared<AuthSrcCredentialAuthDoneState>();
+    authSrcPtr->DerivativeProxySessionKey(context);
+    std::shared_ptr<AuthSinkCredentialAuthNegotiateState> authSinkPtr =
+        std::make_shared<AuthSinkCredentialAuthNegotiateState>();
+    authSinkPtr->DerivativeSessionKey(context);
+    std::shared_ptr<AuthCredentialAgreeState> authCrePtr = std::make_shared<AuthSrcCredentialExchangeState>();
+    JsonObject jsonObject;
+    authCrePtr->GenerateTokenIds(context, jsonObject);
+}
+
 void AuthCredentialFuzzTest(const uint8_t* data, size_t size)
 {
     if ((data == nullptr) || (size < sizeof(int32_t))) {
@@ -59,6 +107,9 @@ void AuthCredentialFuzzTest(const uint8_t* data, size_t size)
     authForth->GetStateType();
     authFifth->GetStateType();
     authSixth->GetStateType();
+
+    DerivativeSessionKeyFuzzTest(data, size);
+    DerivativeProxySessionKeyFuzzTest(data, size);
 }
 }
 }
diff --git a/test/commonfuzztest/dmnegotiateprocess_fuzzer/dm_negotiate_process_fuzzer.cpp b/test/commonfuzztest/dmnegotiateprocess_fuzzer/dm_negotiate_process_fuzzer.cpp
index 4a4bd8d94..51c8eb047 100644
--- a/test/commonfuzztest/dmnegotiateprocess_fuzzer/dm_negotiate_process_fuzzer.cpp
+++ b/test/commonfuzztest/dmnegotiateprocess_fuzzer/dm_negotiate_process_fuzzer.cpp
@@ -19,11 +19,52 @@
 #include <string>
 
 #include "device_manager_service_listener.h"
+#include "dm_auth_state.h"
 #include "dm_negotiate_process.h"
 
 namespace OHOS {
 namespace DistributedHardware {
 
+void RespQueryProxyAcceseeIdsFuzzTest(const uint8_t* data, size_t size)
+{
+    if ((data == nullptr) || (size < sizeof(int32_t))) {
+        return;
+    }
+    FuzzedDataProvider fdp(data, size);
+    std::shared_ptr<DmAuthContext> context = std::make_shared<DmAuthContext>();
+    context->IsProxyBind = true;
+    context->accessee.userId = fdp.ConsumeIntegral<int32_t>();
+    DmProxyAuthContext dmProxyAuthContext;
+    dmProxyAuthContext.proxyAccessee.bundleName = fdp.ConsumeRandomLengthString();
+    dmProxyAuthContext.proxyAccessee.tokenId = fdp.ConsumeIntegral<int64_t>();
+    context->subjectProxyOnes.push_back(dmProxyAuthContext);
+    std::shared_ptr<AuthSinkNegotiateStateMachine> authSinkPtr = std::make_shared<AuthSinkNegotiateStateMachine>();
+    authSinkPtr->RespQueryProxyAcceseeIds(context);
+}
+
+void GetSinkProxyCredTypeForP2PFuzzTest(const uint8_t* data, size_t size)
+{
+    if ((data == nullptr) || (size < sizeof(int32_t))) {
+        return;
+    }
+    FuzzedDataProvider fdp(data, size);
+    std::shared_ptr<DmAuthContext> context = std::make_shared<DmAuthContext>();
+    context->IsProxyBind = true;
+    context->accessee.userId = fdp.ConsumeIntegral<int32_t>();
+    DmProxyAuthContext dmProxyAuthContext;
+    dmProxyAuthContext.proxyAccessee.bundleName = fdp.ConsumeRandomLengthString();
+    dmProxyAuthContext.proxyAccessee.tokenId = fdp.ConsumeIntegral<int64_t>();
+    dmProxyAuthContext.proxyAccessee.credInfoJson = fdp.ConsumeRandomLengthString();
+    dmProxyAuthContext.proxyAccessee.aclTypeList = fdp.ConsumeRandomLengthString();
+    dmProxyAuthContext.proxyAccessee.credTypeList = fdp.ConsumeRandomLengthString();
+    context->subjectProxyOnes.push_back(dmProxyAuthContext);
+    std::shared_ptr<AuthSinkNegotiateStateMachine> authSinkPtr = std::make_shared<AuthSinkNegotiateStateMachine>();
+    std::vector<std::string> deleteCredInfo;
+    authSinkPtr->GetSinkProxyCredTypeForP2P(context, deleteCredInfo);
+    DistributedDeviceProfile::AccessControlProfile profile;
+    authSinkPtr->GetSinkProxyAclInfoForP2P(context, profile);
+}
+
 void DmNegotiateProcessFuzzTest(const uint8_t* data, size_t size)
 {
     if ((data == nullptr) || (size < sizeof(int32_t))) {
@@ -66,6 +107,9 @@ void DmNegotiateProcessFuzzTest(const uint8_t* data, size_t size)
     p2pCredP2pAclImportAuthType.NegotiateHandle(context);
     P2pCredP2pAclInputAuthType p2pCredP2pAclInputAuthType;
     p2pCredP2pAclInputAuthType.NegotiateHandle(context);
+
+    RespQueryProxyAcceseeIdsFuzzTest(data, size);
+    GetSinkProxyCredTypeForP2PFuzzTest(data, size);
 }
 } // namespace DistributedHardware
 } // namespace OHOS
diff --git a/test/servicesfuzztest/authmanager_fuzzer/auth_manager_fuzzer.cpp b/test/servicesfuzztest/authmanager_fuzzer/auth_manager_fuzzer.cpp
index 594728573..7adab1c32 100644
--- a/test/servicesfuzztest/authmanager_fuzzer/auth_manager_fuzzer.cpp
+++ b/test/servicesfuzztest/authmanager_fuzzer/auth_manager_fuzzer.cpp
@@ -376,6 +376,49 @@ void HandleBusinessEventsFuzzTest(FuzzedDataProvider &fdp)
     authManager->PrepareSoftbusSessionCallback();
 }
 
+void CheckProxyAuthParamVaildFuzzTest(FuzzedDataProvider &fdp)
+{
+    std::string extra = fdp.ConsumeRandomLengthString();
+    authManager->CheckProxyAuthParamVaild(extra);
+
+    JsonObject jsonObject;
+    jsonObject[PARAM_KEY_IS_PROXY_BIND] = "true";
+    std::string bundleNameDemoA = "com.ohos.devicemanagerdemoA";
+    std::string bundleNameDemoGame = "com.game.gamenearbydemo";
+    JsonObject jsonA;
+    jsonA["pakgName"] = bundleNameDemoA;
+    jsonA["bundleName"] = bundleNameDemoA;
+
+    JsonObject jsonGame;
+    jsonGame["pakgName"] = bundleNameDemoGame;
+    jsonGame["bundleName"] = bundleNameDemoGame;
+
+    JsonObject subJsonArr(JsonCreateType::JSON_CREATE_TYPE_ARRAY);
+    subJsonArr.PushBack(jsonA);
+    subJsonArr.PushBack(jsonGame);
+    jsonObject[PARAM_KEY_SUBJECT_PROXYED_SUBJECTS] = subJsonArr.Dump();
+    std::string extra1 = jsonObject.Dump();
+    authManager->CheckProxyAuthParamVaild(extra1);
+    authManager->ParseProxyJsonObject(jsonObject);
+}
+
+void ParseProxyJsonObjectFuzzTest(FuzzedDataProvider &fdp)
+{
+    JsonObject jsonObject;
+    jsonObject[PARAM_KEY_IS_PROXY_BIND] = fdp.ConsumeRandomLengthString();
+    jsonObject[PARAM_KEY_IS_CALLING_PROXY_AS_SUBJECT] = fdp.ConsumeRandomLengthString();
+    jsonObject[PARAM_KEY_SUBJECT_PROXYED_SUBJECTS] = fdp.ConsumeRandomLengthString();
+    authManager->ParseProxyJsonObject(jsonObject);
+}
+
+void GetBindLevelByBundleNameFuzzTest(FuzzedDataProvider &fdp)
+{
+    std::string bundleName = fdp.ConsumeRandomLengthString();
+    int32_t requestId = fdp.ConsumeIntegral<int32_t>();
+    int32_t bindLevel = 0;
+    authManager->GetBindLevelByBundleName(bundleName, requestId, bindLevel);
+}
+
 void AuthManagerFuzzTest(const uint8_t* data, size_t size)
 {
     if ((data == nullptr) || (size == 0)) {
@@ -422,6 +465,9 @@ void AuthManagerFuzzTest(const uint8_t* data, size_t size)
     AuthSinkDeviceSessionKeyFuzzTest(fdp);
     AuthSinkDeviceRequestFuzzTest(fdp);
     HandleBusinessEventsFuzzTest(fdp);
+    CheckProxyAuthParamVaildFuzzTest(fdp);
+    ParseProxyJsonObjectFuzzTest(fdp);
+    GetBindLevelByBundleNameFuzzTest(fdp);
 }
 }
 }
-- 
Gitee