xref: /aosp_15_r20/system/nfc/src/fuzzers/rw/main.cc (revision 7eba2f3b06c51ae21384f6a4f14577b668a869b3)
#include "fuzz.h"

// Name of this fuzz target: the NFC reader/writer (RW) fuzzer.
#define MODULE_NAME "nfc_rw_fuzzer"

// Exported copy of the module name.
// NOTE(review): presumably read by the shared fuzzer framework; the consumer
// is not visible in this file.
const char fuzzer_name[] = MODULE_NAME;

// Per-tag-type packet fixers, defined in other translation units.
// Each takes the packet list by non-const reference, so it may rewrite the
// packets in place. Fuzz_FixPackets() below selects one from the control
// packet.
extern void Type1_FixPackets(uint8_t SubType, std::vector<bytes_t>& Packets);
extern void Type2_FixPackets(uint8_t SubType, std::vector<bytes_t>& Packets);
extern void Type3_FixPackets(uint8_t SubType, std::vector<bytes_t>& Packets);
extern void Type4_FixPackets(uint8_t SubType, std::vector<bytes_t>& Packets);
extern void Type5_FixPackets(uint8_t SubType, std::vector<bytes_t>& Packets);
extern void Mfc_FixPackets(uint8_t SubType, std::vector<bytes_t>& Packets);

// Per-tag-type fuzz entry points, defined in other translation units.
// Each takes the packet list by const reference. Fuzz_RunPackets() below
// selects one from the control packet.
extern void Type1_Fuzz(uint8_t SubType, const std::vector<bytes_t>& Packets);
extern void Type2_Fuzz(uint8_t SubType, const std::vector<bytes_t>& Packets);
extern void Type3_Fuzz(uint8_t SubType, const std::vector<bytes_t>& Packets);
extern void Type4_Fuzz(uint8_t SubType, const std::vector<bytes_t>& Packets);
extern void Type5_Fuzz(uint8_t SubType, const std::vector<bytes_t>& Packets);
extern void Mfc_Fuzz(uint8_t SubType, const std::vector<bytes_t>& Packets);
20*7eba2f3bSAndroid Build Coastguard Worker 
/// Normalises a packet list so that it can always be dispatched to one of the
/// tag-type specific fixers.
///
/// Packets[0] is the control packet: byte 0 selects the tag type (reduced
/// modulo Fuzz_TypeMax) and byte 1 is passed on as the sub type.
///
/// @param Packets Packet list to repair in place. It is grown to at least two
///                entries, and a control packet whose length is not exactly
///                two bytes is rebuilt.
/// @param Seed    Source of the replacement control bytes: bits 16..23 become
///                byte 0 and bits 24..31 become byte 1.
void Fuzz_FixPackets(std::vector<bytes_t>& Packets, uint Seed) {
  // Slot 0 is the control packet; at least one more packet has to follow it.
  if (Packets.size() < 2) {
    Packets.resize(2);
  }

  bytes_t& control = Packets.front();
  if (control.size() != 2) {
    // A control packet that already has two bytes is kept as supplied, so the
    // input itself can steer the tag type. Any other length is replaced by
    // bytes taken from the seed; this function draws on no other source, so
    // the same (Packets, Seed) pair always gives the same control packet.
    control.resize(2);
    control[0] = (Seed >> 16) & 0xFF;
    control[1] = (Seed >> 24) & 0xFF;
  }

  const uint8_t tagType = control[0] % Fuzz_TypeMax;
  const uint8_t subType = control[1];

  switch (tagType) {
    case Fuzz_Type1: Type1_FixPackets(subType, Packets); break;
    case Fuzz_Type2: Type2_FixPackets(subType, Packets); break;
    case Fuzz_Type3: Type3_FixPackets(subType, Packets); break;
    case Fuzz_Type4: Type4_FixPackets(subType, Packets); break;
    case Fuzz_Type5: Type5_FixPackets(subType, Packets); break;
    case Fuzz_Mfc:   Mfc_FixPackets(subType, Packets);   break;

    default:
      // NOTE(review): reachable only if Fuzz_TypeMax covers a value that has
      // no case above; confirm against the enum in fuzz.h.
      FUZZLOG("Unknown fuzz type %hhu", tagType);
      break;
  }
}
65*7eba2f3bSAndroid Build Coastguard Worker 
/// Runs one fuzz iteration: reads the control packet and hands the whole
/// packet list to the matching tag-type fuzz entry point.
///
/// Does nothing when fewer than two packets are present or when the control
/// packet (Packets[0]) holds fewer than two bytes. Unlike Fuzz_FixPackets(),
/// a control packet longer than two bytes is accepted here; only its first
/// two bytes are read.
///
/// @param Packets Packet list to execute; it is never modified.
void Fuzz_RunPackets(const std::vector<bytes_t>& Packets) {
  // Reject inputs that cannot carry a control packet plus at least one
  // payload packet, before either control byte is indexed.
  if (Packets.size() < 2 || Packets.front().size() < 2) {
    return;
  }

  const bytes_t& control = Packets.front();
  const uint8_t tagType = control[0] % Fuzz_TypeMax;
  const uint8_t subType = control[1];

  // NOTE(review): the label is the enum value plus one, so it presumably
  // matches "Type1".."Type5" only for those cases and prints a bare number
  // for Fuzz_Mfc; confirm against the enum in fuzz.h.
  FUZZLOG("Fuzzing Type%u tag", static_cast<uint>(tagType + 1));

  switch (tagType) {
    case Fuzz_Type1: Type1_Fuzz(subType, Packets); break;
    case Fuzz_Type2: Type2_Fuzz(subType, Packets); break;
    case Fuzz_Type3: Type3_Fuzz(subType, Packets); break;
    case Fuzz_Type4: Type4_Fuzz(subType, Packets); break;
    case Fuzz_Type5: Type5_Fuzz(subType, Packets); break;
    case Fuzz_Mfc:   Mfc_Fuzz(subType, Packets);   break;

    default:
      // NOTE(review): reachable only if Fuzz_TypeMax covers a value that has
      // no case above; confirm against the enum in fuzz.h.
      FUZZLOG("Unknown fuzz type: %hhu", tagType);
      break;
  }
}