1 /*
2  * Copyright 2019 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #define PACKET_FUZZ_TESTING
18 #include <memory>
19 
20 #include "hci/hci_packets.h"
21 #include "packet/bit_inserter.h"
22 #include "packet/raw_builder.h"
23 
24 // TODO(b/369381361) Enfore -Wmissing-prototypes
25 #pragma GCC diagnostic ignored "-Wmissing-prototypes"
26 
27 using bluetooth::packet::BitInserter;
28 using bluetooth::packet::RawBuilder;
29 using std::vector;
30 
31 namespace bluetooth {
32 namespace hci {
33 
34 std::vector<void (*)(const uint8_t*, size_t)> hci_packet_fuzz_tests;
35 
36 DEFINE_AND_REGISTER_ResetReflectionFuzzTest(hci_packet_fuzz_tests);
37 
38 DEFINE_AND_REGISTER_ResetCompleteReflectionFuzzTest(hci_packet_fuzz_tests);
39 
40 DEFINE_AND_REGISTER_ReadBufferSizeReflectionFuzzTest(hci_packet_fuzz_tests);
41 
42 DEFINE_AND_REGISTER_ReadBufferSizeCompleteReflectionFuzzTest(hci_packet_fuzz_tests);
43 
44 DEFINE_AND_REGISTER_HostBufferSizeReflectionFuzzTest(hci_packet_fuzz_tests);
45 
46 DEFINE_AND_REGISTER_HostBufferSizeCompleteReflectionFuzzTest(hci_packet_fuzz_tests);
47 
48 DEFINE_AND_REGISTER_ReadLocalVersionInformationReflectionFuzzTest(hci_packet_fuzz_tests);
49 
50 DEFINE_AND_REGISTER_ReadLocalVersionInformationCompleteReflectionFuzzTest(hci_packet_fuzz_tests);
51 
52 DEFINE_AND_REGISTER_ReadBdAddrReflectionFuzzTest(hci_packet_fuzz_tests);
53 
54 DEFINE_AND_REGISTER_ReadBdAddrCompleteReflectionFuzzTest(hci_packet_fuzz_tests);
55 
56 DEFINE_AND_REGISTER_ReadLocalSupportedCommandsReflectionFuzzTest(hci_packet_fuzz_tests);
57 
58 DEFINE_AND_REGISTER_ReadLocalSupportedCommandsCompleteReflectionFuzzTest(hci_packet_fuzz_tests);
59 
60 DEFINE_AND_REGISTER_WriteSimplePairingModeReflectionFuzzTest(hci_packet_fuzz_tests);
61 
62 DEFINE_AND_REGISTER_WriteSimplePairingModeCompleteReflectionFuzzTest(hci_packet_fuzz_tests);
63 
64 DEFINE_AND_REGISTER_WriteLeHostSupportReflectionFuzzTest(hci_packet_fuzz_tests);
65 
66 DEFINE_AND_REGISTER_WriteLeHostSupportCompleteReflectionFuzzTest(hci_packet_fuzz_tests);
67 
68 DEFINE_AND_REGISTER_ReadLocalExtendedFeaturesReflectionFuzzTest(hci_packet_fuzz_tests);
69 
70 DEFINE_AND_REGISTER_ReadLocalExtendedFeaturesCompleteReflectionFuzzTest(hci_packet_fuzz_tests);
71 
72 DEFINE_AND_REGISTER_WriteSecureConnectionsHostSupportReflectionFuzzTest(hci_packet_fuzz_tests);
73 
74 DEFINE_AND_REGISTER_WriteSecureConnectionsHostSupportCompleteReflectionFuzzTest(
75         hci_packet_fuzz_tests);
76 
77 DEFINE_AND_REGISTER_LeReadFilterAcceptListSizeReflectionFuzzTest(hci_packet_fuzz_tests);
78 
79 DEFINE_AND_REGISTER_LeReadFilterAcceptListSizeCompleteReflectionFuzzTest(hci_packet_fuzz_tests);
80 
81 DEFINE_AND_REGISTER_LeReadBufferSizeV1ReflectionFuzzTest(hci_packet_fuzz_tests);
82 
83 DEFINE_AND_REGISTER_LeReadBufferSizeV1CompleteReflectionFuzzTest(hci_packet_fuzz_tests);
84 
85 DEFINE_AND_REGISTER_WriteCurrentIacLapReflectionFuzzTest(hci_packet_fuzz_tests);
86 
87 DEFINE_AND_REGISTER_WriteCurrentIacLapCompleteReflectionFuzzTest(hci_packet_fuzz_tests);
88 
89 DEFINE_AND_REGISTER_WriteInquiryScanActivityReflectionFuzzTest(hci_packet_fuzz_tests);
90 
91 DEFINE_AND_REGISTER_WriteInquiryScanActivityCompleteReflectionFuzzTest(hci_packet_fuzz_tests);
92 
93 DEFINE_AND_REGISTER_ReadInquiryScanActivityReflectionFuzzTest(hci_packet_fuzz_tests);
94 
95 DEFINE_AND_REGISTER_ReadInquiryScanActivityCompleteReflectionFuzzTest(hci_packet_fuzz_tests);
96 
97 DEFINE_AND_REGISTER_ReadCurrentIacLapReflectionFuzzTest(hci_packet_fuzz_tests);
98 
99 DEFINE_AND_REGISTER_ReadCurrentIacLapCompleteReflectionFuzzTest(hci_packet_fuzz_tests);
100 
101 DEFINE_AND_REGISTER_ReadNumberOfSupportedIacReflectionFuzzTest(hci_packet_fuzz_tests);
102 
103 DEFINE_AND_REGISTER_ReadNumberOfSupportedIacCompleteReflectionFuzzTest(hci_packet_fuzz_tests);
104 
105 DEFINE_AND_REGISTER_ReadPageTimeoutReflectionFuzzTest(hci_packet_fuzz_tests);
106 
107 DEFINE_AND_REGISTER_ReadPageTimeoutCompleteReflectionFuzzTest(hci_packet_fuzz_tests);
108 
109 DEFINE_AND_REGISTER_WritePageTimeoutReflectionFuzzTest(hci_packet_fuzz_tests);
110 
111 DEFINE_AND_REGISTER_WritePageTimeoutCompleteReflectionFuzzTest(hci_packet_fuzz_tests);
112 
113 DEFINE_AND_REGISTER_InquiryReflectionFuzzTest(hci_packet_fuzz_tests);
114 
115 DEFINE_AND_REGISTER_InquiryStatusReflectionFuzzTest(hci_packet_fuzz_tests);
116 
117 DEFINE_AND_REGISTER_InquiryCancelReflectionFuzzTest(hci_packet_fuzz_tests);
118 
119 DEFINE_AND_REGISTER_InquiryCancelCompleteReflectionFuzzTest(hci_packet_fuzz_tests);
120 
121 DEFINE_AND_REGISTER_PeriodicInquiryModeReflectionFuzzTest(hci_packet_fuzz_tests);
122 
123 DEFINE_AND_REGISTER_PeriodicInquiryModeCompleteReflectionFuzzTest(hci_packet_fuzz_tests);
124 
125 DEFINE_AND_REGISTER_ExitPeriodicInquiryModeReflectionFuzzTest(hci_packet_fuzz_tests);
126 
127 DEFINE_AND_REGISTER_ExitPeriodicInquiryModeCompleteReflectionFuzzTest(hci_packet_fuzz_tests);
128 
129 }  // namespace hci
130 }  // namespace bluetooth
131 
RunHciPacketFuzzTest(const uint8_t * data,size_t size)132 void RunHciPacketFuzzTest(const uint8_t* data, size_t size) {
133   if (data == nullptr) {
134     return;
135   }
136   for (auto test_function : bluetooth::hci::hci_packet_fuzz_tests) {
137     test_function(data, size);
138   }
139 }
140