/src/hostap/tests/fuzzing/eap-aka-peer/eap-aka-peer.c

Source (jump to first uncovered line)
/*
 * EAP-AKA peer fuzzer
 * Copyright (c) 2019, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#include "utils/includes.h"

#include "utils/common.h"
#include "eap_peer/eap_methods.h"
#include "eap_peer/eap_config.h"
#include "eap_peer/eap_i.h"
#include "../fuzzer-common.h"

int eap_peer_sim_register(void);

struct eap_method * registered_eap_method = NULL;


struct eap_method * eap_peer_method_alloc(int version, int vendor,
            enum eap_type method,
            const char *name)
{
  struct eap_method *eap;
  eap = os_zalloc(sizeof(*eap));
  if (!eap)
    return NULL;
  eap->version = version;
  eap->vendor = vendor;
  eap->method = method;
  eap->name = name;
  return eap;
}


int eap_peer_method_register(struct eap_method *method)
{
  registered_eap_method = method;
  return 0;
}


static struct eap_peer_config eap_aka_config = {
  .identity = (u8 *) "0232010000000000",
  .identity_len = 16,
  .password = (u8 *) "90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123",
  .password_len = 78,
};

struct eap_peer_config * eap_get_config(struct eap_sm *sm)
{
  return &eap_aka_config;
}


const u8 * eap_get_config_identity(struct eap_sm *sm, size_t *len)
{
  static const char *id = "0232010000000000";

  *len = os_strlen(id);
  return (const u8 *) id;
}


const char * eap_get_config_phase1(struct eap_sm *sm)
{
  return NULL;
}


void eap_set_anon_id(struct eap_sm *sm, const u8 *id, size_t len)
{
}


void eap_sm_request_identity(struct eap_sm *sm)
{
}


void eap_sm_request_sim(struct eap_sm *sm, const char *req)
{
}


int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
  const u8 *pos, *end;
  struct eap_sm *sm;
  void *priv;
  struct eap_method_ret ret;
  unsigned int count = 0;

  wpa_fuzzer_set_debug_level();

  eap_peer_aka_register();
  sm = os_zalloc(sizeof(*sm));
  if (!sm)
    return 0;
  priv = registered_eap_method->init(sm);
  os_memset(&ret, 0, sizeof(ret));

  pos = data;
  end = pos + size;

  while (end - pos > 2 && count < 100) {
    u16 flen;
    struct wpabuf *buf, *req;

    flen = WPA_GET_BE16(pos);
    pos += 2;
    if (end - pos < flen)
      break;
    req = wpabuf_alloc_copy(pos, flen);
    if (!req)
      break;
    wpa_hexdump_buf(MSG_MSGDUMP, "fuzzer - request", req);
    buf = registered_eap_method->process(sm, priv, &ret, req);
    wpa_hexdump_buf(MSG_MSGDUMP, "fuzzer - local response", buf);
    wpabuf_free(req);
    wpabuf_free(buf);
    pos += flen;
    count++;
  }

  registered_eap_method->deinit(sm, priv);
  os_free(registered_eap_method);
  os_free(sm);

  return 0;
}

Line	Count	Source (jump to first uncovered line)
1		/*
2		* EAP-AKA peer fuzzer
3		* Copyright (c) 2019, Jouni Malinen <j@w1.fi>
4		*
5		* This software may be distributed under the terms of the BSD license.
6		* See README for more details.
7		*/
8
9		#include "utils/includes.h"
10
11		#include "utils/common.h"
12		#include "eap_peer/eap_methods.h"
13		#include "eap_peer/eap_config.h"
14		#include "eap_peer/eap_i.h"
15		#include "../fuzzer-common.h"
16
17		int eap_peer_sim_register(void);
18
19		struct eap_method * registered_eap_method = NULL;
20
21
22		struct eap_method * eap_peer_method_alloc(int version, int vendor,
23		enum eap_type method,
24		const char *name)
25	4.81k	{
26	4.81k	struct eap_method *eap;
27	4.81k	eap = os_zalloc(sizeof(*eap));
28	4.81k	if (!eap)
29	0	return NULL;
30	4.81k	eap->version = version;
31	4.81k	eap->vendor = vendor;
32	4.81k	eap->method = method;
33	4.81k	eap->name = name;
34	4.81k	return eap;
35	4.81k	}
36
37
38		int eap_peer_method_register(struct eap_method *method)
39	4.81k	{
40	4.81k	registered_eap_method = method;
41	4.81k	return 0;
42	4.81k	}
43
44
45		static struct eap_peer_config eap_aka_config = {
46		.identity = (u8 *) "0232010000000000",
47		.identity_len = 16,
48		.password = (u8 *) "90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123",
49		.password_len = 78,
50		};
51
52		struct eap_peer_config * eap_get_config(struct eap_sm *sm)
53	3.34M	{
54	3.34M	return &eap_aka_config;
55	3.34M	}
56
57
58		const u8 * eap_get_config_identity(struct eap_sm sm, size_t len)
59	1.70M	{
60	1.70M	static const char *id = "0232010000000000";
61
62	1.70M	*len = os_strlen(id);
63	1.70M	return (const u8 *) id;
64	1.70M	}
65
66
67		const char * eap_get_config_phase1(struct eap_sm *sm)
68	1.79k	{
69	1.79k	return NULL;
70	1.79k	}
71
72
73		void eap_set_anon_id(struct eap_sm sm, const u8 id, size_t len)
74	1.24k	{
75	1.24k	}
76
77
78		void eap_sm_request_identity(struct eap_sm *sm)
79	7.87k	{
80	7.87k	}
81
82
83		void eap_sm_request_sim(struct eap_sm sm, const char req)
84	0	{
85	0	}
86
87
88		int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
89	3.62k	{
90	3.62k	const u8 pos, end;
91	3.62k	struct eap_sm *sm;
92	3.62k	void *priv;
93	3.62k	struct eap_method_ret ret;
94	3.62k	unsigned int count = 0;
95
96	3.62k	wpa_fuzzer_set_debug_level();
97
98	3.62k	eap_peer_aka_register();
99	3.62k	sm = os_zalloc(sizeof(*sm));
100	3.62k	if (!sm)
101	0	return 0;
102	3.62k	priv = registered_eap_method->init(sm);
103	3.62k	os_memset(&ret, 0, sizeof(ret));
104
105	3.62k	pos = data;
106	3.62k	end = pos + size;
107
108	42.4k	while (end - pos > 2 && count < 100) {
109	38.9k	u16 flen;
110	38.9k	struct wpabuf buf, req;
111
112	38.9k	flen = WPA_GET_BE16(pos);
113	38.9k	pos += 2;
114	38.9k	if (end - pos < flen)
115	118	break;
116	38.8k	req = wpabuf_alloc_copy(pos, flen);
117	38.8k	if (!req)
118	0	break;
119	38.8k	wpa_hexdump_buf(MSG_MSGDUMP, "fuzzer - request", req);
120	38.8k	buf = registered_eap_method->process(sm, priv, &ret, req);
121	38.8k	wpa_hexdump_buf(MSG_MSGDUMP, "fuzzer - local response", buf);
122	38.8k	wpabuf_free(req);
123	38.8k	wpabuf_free(buf);
124	38.8k	pos += flen;
125	38.8k	count++;
126	38.8k	}
127
128	3.62k	registered_eap_method->deinit(sm, priv);
129	3.62k	os_free(registered_eap_method);
130	3.62k	os_free(sm);
131
132	3.62k	return 0;
133	3.62k	}

Coverage Report

Created: 2025-08-29 06:25