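/*
 * Copyright (c) 2023 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include <cerrno>
#include <cstdlib>
#include "securec.h"
#include "v1_1/iwpa_interface.h"
#include "wpa_fuzzer.h"
#include "wpa_common_fuzzer.h"
#include "servmgr_hdi.h"
#include "devmgr_hdi.h"
#include "hdf_remote_service.h"

namespace OHOS {
namespace WIFI {
/* Inputs shorter than this are rejected by the libFuzzer entry point. */
constexpr size_t THRESHOLD = 10;
/* HDI service name used for LoadDevice/UnloadDevice and for instance lookup. */
const char *g_wpaServiceName = "wpa_interface_service";
/* Interface instance under test; valid only while one fuzz iteration is running. */
struct IWpaInterface *g_wpaObj = nullptr;
/* Device manager handle; valid only while one fuzz iteration is running. */
static struct HDIDeviceManager *g_devMgr = nullptr;

/*
 * Runs every station-mode (WPA) fuzz target once, all on the same buffer.
 *
 * NOTE(review): the targets receive only a pointer, not a length. They are declared
 * outside this file, so their read bounds cannot be checked here - confirm that none
 * of them reads past the dataSize + 1 bytes allocated by the caller.
 */
void FuzzWpaStart(struct IWpaInterface *gWpaObj, uint8_t *tmpRawData)
{
    FuzzWpaInterfaceStart(gWpaObj, tmpRawData);
    FuzzWpaInterfaceStop(gWpaObj, tmpRawData);
    FuzzWpaInterfaceScan(gWpaObj, tmpRawData);
    FuzzWpaInterfaceScanResult(gWpaObj, tmpRawData);
    FuzzWpaInterfaceAddNetwork(gWpaObj, tmpRawData);
    FuzzWpaInterfaceRemoveNetwork(gWpaObj, tmpRawData);
    FuzzWpaInterfaceDisableNetwork(gWpaObj, tmpRawData);
    FuzzWpaInterfaceSetNetwork(gWpaObj, tmpRawData);
    FuzzWpaInterfaceReconnect(gWpaObj, tmpRawData);
    FuzzWpaInterfaceDisconnect(gWpaObj, tmpRawData);
    FuzzWpaInterfaceSelectNetwork(gWpaObj, tmpRawData);
    FuzzWpaInterfaceEnableNetwork(gWpaObj, tmpRawData);
    FuzzWpaInterfaceSetPowerSave(gWpaObj, tmpRawData);
    FuzzWpaInterfaceAutoConnect(gWpaObj, tmpRawData);
    FuzzWpaInterfaceSaveConfig(gWpaObj, tmpRawData);
    FuzzWpaInterfaceWpsCancel(gWpaObj, tmpRawData);
    FuzzWpaInterfaceGetCountryCode(gWpaObj, tmpRawData);
    FuzzWpaInterfaceGetNetwork(gWpaObj, tmpRawData);
    FuzzWpaInterfaceBlocklistClear(gWpaObj, tmpRawData);
    FuzzWpaInterfaceSetSuspendMode(gWpaObj, tmpRawData);
    FuzzWpaInterfaceGetScanSsid(gWpaObj, tmpRawData);
    FuzzWpaInterfaceGetPskPassphrase(gWpaObj, tmpRawData);
    FuzzWpaInterfaceGetPsk(gWpaObj, tmpRawData);
    FuzzWpaInterfaceGetWepKey(gWpaObj, tmpRawData);
    FuzzWpaInterfaceGetWepTxKeyIdx(gWpaObj, tmpRawData);
    FuzzWpaInterfaceGetRequirePmf(gWpaObj, tmpRawData);
    FuzzWpaInterfaceSetCountryCode(gWpaObj, tmpRawData);
    FuzzWpaInterfaceListNetworks(gWpaObj, tmpRawData);
    FuzzWpaInterfaceWifiStatus(gWpaObj, tmpRawData);
    FuzzWpaInterfaceWpsPbcMode(gWpaObj, tmpRawData);
    FuzzWpaInterfaceWpsPinMode(gWpaObj, tmpRawData);
    FuzzWpaInterfaceRegisterEventCallback(gWpaObj, tmpRawData);
    FuzzWpaInterfaceUnregisterEventCallback(gWpaObj, tmpRawData);
    FuzzWpaInterfaceGetConnectionCapabilities(gWpaObj, tmpRawData);
    FuzzWpaInterfaceAddWpaIface(gWpaObj, tmpRawData);
    FuzzWpaInterfaceRemoveWpaIface(gWpaObj, tmpRawData);
    FuzzWpaInterfaceReassociate(gWpaObj, tmpRawData);
    FuzzWpaInterfaceStaShellCmd(gWpaObj, tmpRawData);
}

/*
 * Runs every P2P fuzz target once, all on the same buffer.
 * The pointer-without-length caveat noted on FuzzWpaStart applies here as well.
 */
void FuzzP2pStart(struct IWpaInterface *gWpaObj, uint8_t *tmpRawData)
{
    FuzzWpaInterfaceP2pSetSsidPostfixName(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pSetWpsDeviceType(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pSetWpsConfigMethods(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pSetGroupMaxIdle(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pSetWfdEnable(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pSetPersistentReconnect(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pSetWpsSecondaryDeviceType(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pSetupWpsPbc(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pSetupWpsPin(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pSetPowerSave(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pSetDeviceName(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pSetWfdDeviceConfig(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pSetRandomMac(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pStartFind(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pSetExtListen(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pSetListenChannel(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pProvisionDiscovery(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pAddGroup(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pAddService(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pRemoveService(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pStopFind(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pFlush(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pFlushService(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pRemoveNetwork(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pSetGroupConfig(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pInvite(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pReinvoke(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pGetDeviceAddress(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pReqServiceDiscovery(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pCancelServiceDiscovery(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pRespServerDiscovery(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pConnect(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pHid2dConnect(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pSetServDiscExternal(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pRemoveGroup(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pCancelConnect(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pGetGroupConfig(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pAddNetwork(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pGetPeer(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pGetGroupCapability(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pListNetworks(gWpaObj, tmpRawData);
    FuzzWpaInterfaceP2pSaveConfig(gWpaObj, tmpRawData);
}

/*
 * Prepares the working buffer, starts the WPA service, runs both target groups and
 * stops the service again. Expects g_wpaObj to be a valid instance and size >= OFFSET.
 * The working buffer is freed on every path. Returns true only when Stop() succeeded.
 */
static bool RunFuzzSession(const uint8_t *rawData, size_t size)
{
    uint32_t dataSize = size - OFFSET;
    /* One extra zeroed byte beyond dataSize; presumably a terminator for string-style targets. */
    uint8_t *tmpRawData = reinterpret_cast<uint8_t *>(OsalMemCalloc(dataSize + 1));
    if (tmpRawData == nullptr) {
        HDF_LOGE("%{public}s : OsalMemCalloc failed!", __FUNCTION__);
        return false;
    }
    if (PreProcessRawData(rawData, size, tmpRawData, dataSize + 1) != true) {
        /* This path used to return without freeing the buffer, leaking it on each rejected input. */
        OsalMemFree(tmpRawData);
        return false;
    }
    int32_t ret = g_wpaObj->Start(g_wpaObj);
    if (ret != HDF_SUCCESS) {
        HDF_LOGE("%{public}s : Start failed!", __FUNCTION__);
        OsalMemFree(tmpRawData);
        return false;
    }
    FuzzWpaStart(g_wpaObj, tmpRawData);
    FuzzP2pStart(g_wpaObj, tmpRawData);
    bool stopped = true;
    ret = g_wpaObj->Stop(g_wpaObj);
    if (ret != HDF_SUCCESS) {
        HDF_LOGE("%{public}s : Stop failed!", __FUNCTION__);
        stopped = false;
    }
    OsalMemFree(tmpRawData);
    return stopped;
}

/*
 * Runs one fuzz iteration: loads the WPA HDI device, obtains the interface instance,
 * drives all targets with the input, then releases everything that was acquired.
 *
 * rawData/size: the raw libFuzzer input.
 * Returns true when the whole iteration, including Stop(), succeeded, and false on
 * any setup or teardown failure.
 *
 * Changes from the earlier version of this function:
 *  - the interface instance and the loaded device are now released on every exit path
 *    (a failed Start() or a failed instance lookup used to leave them behind);
 *  - inputs shorter than OFFSET are rejected so that size - OFFSET cannot wrap;
 *  - the log text for a null device manager and a failed LoadDevice now names the real cause;
 *  - a successful run reports true (the result was never set to true before);
 *  - g_wpaObj is reset after release so that no stale pointer stays in the global.
 */
bool DoSomethingInterestingWithMyAPI(const uint8_t *rawData, size_t size)
{
    if (rawData == nullptr || size == 0) {
        return false;
    }
    if (size < OFFSET) {
        return false;
    }
    /* NOTE(review): the handle from HDIDeviceManagerGet() is never released here - confirm whether it must be. */
    g_devMgr = HDIDeviceManagerGet();
    if (g_devMgr == nullptr) {
        HDF_LOGE("%{public}s : g_devMgr is null", __FUNCTION__);
        return false;
    }
    int32_t rc = g_devMgr->LoadDevice(g_devMgr, g_wpaServiceName);
    if (rc != HDF_SUCCESS) {
        HDF_LOGE("%{public}s : LoadDevice failed!", __FUNCTION__);
        g_devMgr = nullptr;
        return false;
    }

    bool result = false;
    g_wpaObj = IWpaInterfaceGetInstance(g_wpaServiceName, true);
    if (g_wpaObj == nullptr) {
        HDF_LOGE("%{public}s : g_wpaObj is null", __FUNCTION__);
    } else {
        result = RunFuzzSession(rawData, size);
        IWpaInterfaceReleaseInstance(g_wpaServiceName, g_wpaObj, true);
        g_wpaObj = nullptr;
    }

    /* The device was loaded above, so unload it whether or not the session ran. */
    g_devMgr->UnloadDevice(g_devMgr, g_wpaServiceName);
    g_devMgr = nullptr;
    return result;
}
} // namespace WIFI
} // namespace OHOS

/* Fuzzer entry point */
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    /* Skip inputs too short to be worth a device load/unload cycle. */
    if (size < OHOS::WIFI::THRESHOLD) {
        return 0;
    }

    /* The result is deliberately ignored: libFuzzer expects 0 for every processed input. */
    OHOS::WIFI::DoSomethingInterestingWithMyAPI(data, size);
    return 0;
}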