/*
 * EAP-AKA peer fuzzer
 * Copyright (c) 2019, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */
8
9#include "utils/includes.h"
10
11#include "utils/common.h"
12#include "eap_peer/eap_methods.h"
13#include "eap_peer/eap_config.h"
14#include "eap_peer/eap_i.h"
15#include "../fuzzer-common.h"
16
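/*
 * Registration entry point of the method under test.
 * LLVMFuzzerTestOneInput() in this file calls eap_peer_aka_register(), so
 * that is the function declared here.
 */
int eap_peer_aka_register(void);

/*
 * Method descriptor captured by the eap_peer_method_register() stub in this
 * file. It is NULL until a method registers. The fuzzer entry point frees the
 * descriptor at the end of each run, so the pointer must not be used between
 * runs without a fresh registration.
 */
struct eap_method * registered_eap_method = NULL;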
20
21
/**
 * eap_peer_method_alloc - Fuzzer-local allocator for an EAP method descriptor
 * @version: Value stored in the descriptor's version field
 * @vendor: Value stored in the descriptor's vendor field
 * @method: Value stored in the descriptor's method field
 * @name: Method name; the pointer is stored as-is, the string is not copied
 * Returns: Newly allocated descriptor or %NULL if the allocation failed
 *
 * Only the four fields above are filled in here. The handler pointers
 * (init/process/deinit) that LLVMFuzzerTestOneInput() calls are left for the
 * caller to set. The returned memory is released with os_free() by the fuzzer
 * entry point.
 */
struct eap_method * eap_peer_method_alloc(int version, int vendor,
					  EapType method, const char *name)
{
	struct eap_method *m = os_zalloc(sizeof(*m));

	if (m == NULL)
		return NULL;

	m->name = name;
	m->method = method;
	m->vendor = vendor;
	m->version = version;

	return m;
}
35
36
/**
 * eap_peer_method_register - Fuzzer-local registration hook
 * @method: Descriptor handed over by the method's register function
 * Returns: 0 always
 *
 * Instead of maintaining a list of methods, this stub remembers the single
 * descriptor in registered_eap_method so that the fuzzer entry point can reach
 * its handlers. Any previously stored pointer is overwritten without being
 * freed.
 */
int eap_peer_method_register(struct eap_method *method)
{
	struct eap_method **slot = &registered_eap_method;

	*slot = method;
	return 0;
}
42
43
/*
 * Fixed credentials for the fuzzed peer. These are constant fixture values
 * used only to drive the EAP-AKA code; they must never be replaced with real
 * subscriber keys. Lengths are derived from the literals so they cannot drift
 * out of step with the strings.
 */
#define FUZZ_AKA_IDENTITY "0232010000000000"
/*
 * Three colon-separated hex fields; looks like the Ki:OPc:SQN form used with
 * Milenage - confirm against the EAP-AKA peer code.
 */
#define FUZZ_AKA_PASSWORD \
	"90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123"

/*
 * The casts drop const from string literals, so the identity and password
 * buffers must be treated as read-only by everything that receives this
 * configuration.
 */
static struct eap_peer_config eap_aka_config = {
	.identity = (u8 *) FUZZ_AKA_IDENTITY,
	.identity_len = sizeof(FUZZ_AKA_IDENTITY) - 1,
	.password = (u8 *) FUZZ_AKA_PASSWORD,
	.password_len = sizeof(FUZZ_AKA_PASSWORD) - 1,
};
50
/**
 * eap_get_config - Fuzzer-local configuration accessor
 * @sm: EAP state machine (not used by this stub)
 * Returns: Pointer to the file-scope eap_aka_config fixture
 *
 * Every caller gets the same static configuration regardless of @sm.
 */
struct eap_peer_config * eap_get_config(struct eap_sm *sm)
{
	struct eap_peer_config *cfg = &eap_aka_config;

	(void) sm;
	return cfg;
}
55
56
/**
 * eap_get_config_identity - Fuzzer-local identity accessor
 * @sm: EAP state machine (not used by this stub)
 * @len: Output; set to the identity length in octets (terminator excluded)
 * Returns: Pointer to a static identity string; the caller must not free or
 * modify it
 *
 * @len is written unconditionally, so callers must pass a valid pointer.
 */
const u8 * eap_get_config_identity(struct eap_sm *sm, size_t *len)
{
	static const char identity[] = "0232010000000000";

	(void) sm;
	/* sizeof counts the terminating NUL, which is not part of the identity */
	*len = sizeof(identity) - 1;
	return (const u8 *) identity;
}
64
65
/**
 * eap_get_config_phase1 - Fuzzer-local phase1 parameter accessor
 * @sm: EAP state machine (not used by this stub)
 * Returns: %NULL always, i.e., no phase1 parameter string is configured
 */
const char * eap_get_config_phase1(struct eap_sm *sm)
{
	const char *phase1 = NULL;

	(void) sm;
	return phase1;
}
70
71
/**
 * eap_set_anon_id - Fuzzer-local no-op for anonymous identity updates
 * @sm: EAP state machine (ignored)
 * @id: Identity buffer (ignored)
 * @len: Length of @id (ignored)
 *
 * The arguments are discarded; nothing is stored or copied.
 */
void eap_set_anon_id(struct eap_sm *sm, const u8 *id, size_t len)
{
	(void) sm;
	(void) id;
	(void) len;
}
75
76
/**
 * eap_sm_request_identity - Fuzzer-local no-op for identity requests
 * @sm: EAP state machine (ignored)
 *
 * The fuzzer has no user or control interface to ask, so the request is
 * dropped.
 */
void eap_sm_request_identity(struct eap_sm *sm)
{
	(void) sm;
}
80
81
/**
 * eap_sm_request_sim - Fuzzer-local no-op for SIM/USIM processing requests
 * @sm: EAP state machine (ignored)
 * @req: Request string (ignored)
 *
 * The request is dropped; no external SIM processing is triggered.
 */
void eap_sm_request_sim(struct eap_sm *sm, const char *req)
{
	(void) sm;
	(void) req;
}
85
86
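/**
 * LLVMFuzzerTestOneInput - libFuzzer entry point for the EAP-AKA peer method
 * @data: Fuzzer-supplied input
 * @size: Number of octets in @data
 * Returns: 0 in all cases
 *
 * The input is read as a sequence of records, each a 2-octet big-endian
 * length followed by that many octets. Every complete record is copied into
 * a wpabuf and passed to the registered method's process() handler as one
 * request. Parsing stops at the first truncated record or when fewer than
 * three octets remain.
 *
 * Setup failures (no descriptor registered, allocation failure, init()
 * returning NULL) end the run early with everything released, so that
 * harness-side NULL or stale pointers are not reported as findings in the
 * code under test.
 */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
	const u8 *pos, *end;
	struct eap_sm *sm;
	void *priv;
	struct eap_method_ret ret;

	wpa_fuzzer_set_debug_level();

	/*
	 * The descriptor from the previous run has been freed. Clear the
	 * global so that a registration that fails before reaching
	 * eap_peer_method_register() shows up as NULL here instead of as a
	 * dangling pointer.
	 */
	registered_eap_method = NULL;
	eap_peer_aka_register();
	if (!registered_eap_method)
		return 0;

	sm = os_zalloc(sizeof(*sm));
	if (!sm)
		goto out;

	priv = registered_eap_method->init(sm);
	/*
	 * NOTE(review): a NULL return from init() is treated as a setup
	 * failure, so process() and deinit() are never called with a NULL
	 * method context - confirm against the method's init() contract.
	 */
	if (!priv)
		goto out_sm;
	os_memset(&ret, 0, sizeof(ret));

	pos = data;
	end = pos + size;

	while (end - pos > 2) {
		u16 flen;
		struct wpabuf *buf, *req;

		flen = WPA_GET_BE16(pos);
		pos += 2;
		/*
		 * The length prefix comes from the fuzzer; never copy past the
		 * end of the input buffer.
		 */
		if (end - pos < flen)
			break;
		req = wpabuf_alloc_copy(pos, flen);
		if (!req)
			break;
		wpa_hexdump_buf(MSG_MSGDUMP, "fuzzer - request", req);
		buf = registered_eap_method->process(sm, priv, &ret, req);
		wpa_hexdump_buf(MSG_MSGDUMP, "fuzzer - local response", buf);
		wpabuf_free(req);
		wpabuf_free(buf);
		pos += flen;
	}

	registered_eap_method->deinit(sm, priv);
out_sm:
	os_free(sm);
out:
	os_free(registered_eap_method);
	/* Do not leave a pointer to freed memory behind for the next run */
	registered_eap_method = NULL;

	return 0;
}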