Coverage Report

Created: 2025-04-24 06:18

/src/hostap/tests/fuzzing/pasn-resp/pasn-resp.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * PASN responder fuzzer
3
 * Copyright (c) 2022, Jouni Malinen <j@w1.fi>
4
 *
5
 * This software may be distributed under the terms of the BSD license.
6
 * See README for more details.
7
 */
8
9
#include "utils/includes.h"
10
11
#include "utils/common.h"
12
#include "utils/eloop.h"
13
#include "common/defs.h"
14
#include "common/wpa_common.h"
15
#include "common/sae.h"
16
#include "common/ieee802_11_defs.h"
17
#include "crypto/sha384.h"
18
#include "crypto/crypto.h"
19
#include "pasn/pasn_common.h"
20
#include "../fuzzer-common.h"
21
22
23
struct eapol_state_machine;
24
25
struct rsn_pmksa_cache_entry *
26
pmksa_cache_auth_add(struct rsn_pmksa_cache *pmksa,
27
         const u8 *pmk, size_t pmk_len, const u8 *pmkid,
28
         const u8 *kck, size_t kck_len,
29
         const u8 *aa, const u8 *spa, int session_timeout,
30
         struct eapol_state_machine *eapol, int akmp)
31
0
{
32
0
  return NULL;
33
0
}
34
35
36
struct rsn_pmksa_cache_entry *
37
pmksa_cache_auth_get(struct rsn_pmksa_cache *pmksa,
38
         const u8 *spa, const u8 *pmkid)
39
0
{
40
0
  return NULL;
41
0
}
42
43
44
struct rsn_pmksa_cache *
45
pmksa_cache_auth_init(void (*free_cb)(struct rsn_pmksa_cache_entry *entry,
46
              void *ctx), void *ctx)
47
{
48
  return NULL;
49
}
50
51
52
void pmksa_cache_auth_deinit(struct rsn_pmksa_cache *pmksa)
53
{
54
}
55
56
57
void pmksa_cache_free_entry(struct rsn_pmksa_cache *pmksa,
58
          struct rsn_pmksa_cache_entry *entry)
59
0
{
60
0
}
61
62
63
void pmksa_cache_auth_flush(struct rsn_pmksa_cache *pmksa)
64
0
{
65
0
}
66
67
68
static int pasn_send_mgmt(void *ctx, const u8 *data, size_t data_len,
69
        int noack, unsigned int freq, unsigned int wait)
70
3.07k
{
71
3.07k
  return 0;
72
3.07k
}
73
74
75
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
76
3.07k
{
77
3.07k
  struct pasn_data *pasn;
78
3.07k
  u8 own_addr[ETH_ALEN], bssid[ETH_ALEN];
79
80
3.07k
  wpa_fuzzer_set_debug_level();
81
82
3.07k
  if (os_program_init())
83
0
    return 0;
84
85
3.07k
  if (eloop_init()) {
86
0
    wpa_printf(MSG_ERROR, "Failed to initialize event loop");
87
0
    return 0;
88
0
  }
89
90
3.07k
  pasn = pasn_data_init();
91
3.07k
  if (!pasn)
92
0
    goto fail;
93
94
3.07k
  pasn->send_mgmt = pasn_send_mgmt;
95
3.07k
  hwaddr_aton("02:00:00:00:03:00", own_addr);
96
3.07k
  hwaddr_aton("02:00:00:00:00:00", bssid);
97
3.07k
  os_memcpy(pasn->own_addr, own_addr, ETH_ALEN);
98
3.07k
  os_memcpy(pasn->bssid, bssid, ETH_ALEN);
99
3.07k
  pasn->wpa_key_mgmt = WPA_KEY_MGMT_PASN;
100
3.07k
  pasn->rsn_pairwise = WPA_CIPHER_CCMP;
101
102
3.07k
  wpa_printf(MSG_DEBUG, "TESTING: Try to parse as PASN Auth 1");
103
3.07k
  if (handle_auth_pasn_1(pasn, own_addr, bssid,
104
3.07k
             (const struct ieee80211_mgmt *) data, size,
105
3.07k
             false))
106
3.07k
    wpa_printf(MSG_ERROR, "handle_auth_pasn_1 failed");
107
108
3.07k
  wpa_printf(MSG_DEBUG, "TESTING: Try to parse as PASN Auth 3");
109
3.07k
  if (handle_auth_pasn_3(pasn, own_addr, bssid,
110
3.07k
             (const struct ieee80211_mgmt *) data, size))
111
2.70k
    wpa_printf(MSG_ERROR, "handle_auth_pasn_3 failed");
112
113
3.07k
  if (pasn->ecdh) {
114
18
    crypto_ecdh_deinit(pasn->ecdh);
115
18
    pasn->ecdh = NULL;
116
18
  }
117
118
3.07k
fail:
119
3.07k
  pasn_data_deinit(pasn);
120
3.07k
  eloop_destroy();
121
3.07k
  os_program_deinit();
122
123
3.07k
  return 0;
124
3.07k
}