/src/hostap/tests/fuzzing/pasn-resp/pasn-resp.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * PASN responder fuzzer |
3 | | * Copyright (c) 2022, Jouni Malinen <j@w1.fi> |
4 | | * |
5 | | * This software may be distributed under the terms of the BSD license. |
6 | | * See README for more details. |
7 | | */ |
8 | | |
9 | | #include "utils/includes.h" |
10 | | |
11 | | #include "utils/common.h" |
12 | | #include "utils/eloop.h" |
13 | | #include "common/defs.h" |
14 | | #include "common/wpa_common.h" |
15 | | #include "common/sae.h" |
16 | | #include "common/ieee802_11_defs.h" |
17 | | #include "crypto/sha384.h" |
18 | | #include "crypto/crypto.h" |
19 | | #include "pasn/pasn_common.h" |
20 | | #include "../fuzzer-common.h" |
21 | | |
22 | | |
23 | | struct eapol_state_machine; |
24 | | |
/*
 * Fuzzer stub for pmksa_cache_auth_add(): every argument is ignored, nothing
 * is stored, and NULL is always returned.
 */
struct rsn_pmksa_cache_entry *
pmksa_cache_auth_add(struct rsn_pmksa_cache *pmksa,
		     const u8 *pmk, size_t pmk_len, const u8 *pmkid,
		     const u8 *kck, size_t kck_len,
		     const u8 *aa, const u8 *spa, int session_timeout,
		     struct eapol_state_machine *eapol, int akmp)
{
	struct rsn_pmksa_cache_entry *no_entry = NULL;

	return no_entry;
}
34 | | |
35 | | |
/*
 * Fuzzer stub for pmksa_cache_auth_get(): the lookup keys are ignored and
 * NULL is always returned, so the caller never receives a cached entry.
 */
struct rsn_pmksa_cache_entry *
pmksa_cache_auth_get(struct rsn_pmksa_cache *pmksa,
		     const u8 *spa, const u8 *pmkid)
{
	struct rsn_pmksa_cache_entry *no_entry = NULL;

	return no_entry;
}
42 | | |
43 | | |
/*
 * Fuzzer stub for pmksa_cache_auth_init(): no cache is allocated, the
 * callback and its context are ignored, and NULL is always returned.
 */
struct rsn_pmksa_cache *
pmksa_cache_auth_init(void (*free_cb)(struct rsn_pmksa_cache_entry *entry,
				      void *ctx), void *ctx)
{
	struct rsn_pmksa_cache *no_cache = NULL;

	return no_cache;
}
50 | | |
51 | | |
/* Fuzzer stub for pmksa_cache_auth_deinit(): does nothing with @pmksa. */
void pmksa_cache_auth_deinit(struct rsn_pmksa_cache *pmksa)
{
	(void) pmksa;
}
55 | | |
56 | | |
/*
 * Fuzzer stub for pmksa_cache_free_entry(): neither the cache nor the entry
 * is touched.
 */
void pmksa_cache_free_entry(struct rsn_pmksa_cache *pmksa,
			    struct rsn_pmksa_cache_entry *entry)
{
	(void) pmksa;
	(void) entry;
}
61 | | |
62 | | |
/* Fuzzer stub for pmksa_cache_auth_flush(): does nothing with @pmksa. */
void pmksa_cache_auth_flush(struct rsn_pmksa_cache *pmksa)
{
	(void) pmksa;
}
66 | | |
67 | | |
/*
 * Transmit callback installed as pasn->send_mgmt by the fuzzer entry point.
 * The frame is discarded and 0 is returned, so nothing leaves the process.
 */
static int pasn_send_mgmt(void *ctx, const u8 *data, size_t data_len,
			  int noack, unsigned int freq, unsigned int wait)
{
	const int ret = 0;

	(void) ctx;
	(void) data;
	(void) data_len;
	(void) noack;
	(void) freq;
	(void) wait;
	return ret;
}
73 | | |
74 | | |
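/**
 * LLVMFuzzerTestOneInput - libFuzzer entry point for the PASN responder
 * @data: Fuzzer-generated bytes, passed to the handlers as a management frame
 * @size: Number of bytes in @data
 * Returns: 0 in all cases, including setup failures
 *
 * Builds a PASN context with fixed addresses, AKM and pairwise cipher, then
 * feeds the same input to handle_auth_pasn_1() and handle_auth_pasn_3().
 * Handler failures are only logged.
 */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
	struct pasn_data *pasn;
	u8 own_addr[ETH_ALEN], bssid[ETH_ALEN];

	wpa_fuzzer_set_debug_level();

	if (os_program_init())
		return 0;

	if (eloop_init()) {
		wpa_printf(MSG_ERROR, "Failed to initialize event loop");
		/* os_program_init() succeeded above, so undo it here just as
		 * the normal exit path does. */
		os_program_deinit();
		return 0;
	}

	pasn = pasn_data_init();
	if (!pasn)
		goto fail;

	/* Route transmissions to the local no-op callback. */
	pasn->send_mgmt = pasn_send_mgmt;
	hwaddr_aton("02:00:00:00:03:00", own_addr);
	hwaddr_aton("02:00:00:00:00:00", bssid);
	os_memcpy(pasn->own_addr, own_addr, ETH_ALEN);
	os_memcpy(pasn->bssid, bssid, ETH_ALEN);
	pasn->wpa_key_mgmt = WPA_KEY_MGMT_PASN;
	pasn->rsn_pairwise = WPA_CIPHER_CCMP;

	/*
	 * No length check is done here: data/size go to the handlers
	 * unchanged, so inputs shorter than a management frame header reach
	 * them too.
	 * NOTE(review): assumes both handlers bound every read by the length
	 * argument - confirm.
	 */
	wpa_printf(MSG_DEBUG, "TESTING: Try to parse as PASN Auth 1");
	if (handle_auth_pasn_1(pasn, own_addr, bssid,
			       (const struct ieee80211_mgmt *) data, size,
			       false))
		wpa_printf(MSG_ERROR, "handle_auth_pasn_1 failed");

	/* The same context is reused, so any state left by the Auth 1 attempt
	 * is visible to the Auth 3 attempt. */
	wpa_printf(MSG_DEBUG, "TESTING: Try to parse as PASN Auth 3");
	if (handle_auth_pasn_3(pasn, own_addr, bssid,
			       (const struct ieee80211_mgmt *) data, size))
		wpa_printf(MSG_ERROR, "handle_auth_pasn_3 failed");

	/* Free the ECDH context explicitly before pasn_data_deinit();
	 * presumably it is created while handling Auth 1 - verify. */
	if (pasn->ecdh) {
		crypto_ecdh_deinit(pasn->ecdh);
		pasn->ecdh = NULL;
	}

fail:
	/* Also reached with pasn == NULL when pasn_data_init() fails.
	 * NOTE(review): assumes pasn_data_deinit() accepts NULL - confirm. */
	pasn_data_deinit(pasn);
	eloop_destroy();
	os_program_deinit();

	return 0;
}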