1*7eba2f3bSAndroid Build Coastguard Worker #include "fuzz.h"
2*7eba2f3bSAndroid Build Coastguard Worker 
#define MODULE_NAME "Type5 Read/Write"

// Sub-type selector for the Type 5 fuzz target. Type5_Fuzz() reduces the
// incoming selector byte modulo SUB_TYPE_MAX, and Fuzz_Init() switches on the
// result to pick which RW_I93* command is started before responses are
// replayed. Values are consecutive from 0; SUB_TYPE_MAX must stay last.
enum {
  SUB_TYPE_INVENTORY = 0,
  SUB_TYPE_STAY_QUIET,
  SUB_TYPE_READ_SINGLEBLOCK,
  SUB_TYPE_WRITE_SINGLEBLOCK,
  SUB_TYPE_LOCK_BLOCK,
  SUB_TYPE_READ_MULTIPLEBLOCKS,
  SUB_TYPE_WRITE_MULTIPLEBLOCKS,
  SUB_TYPE_SELECT,
  SUB_TYPE_RESET_TO_READY,
  SUB_TYPE_WRITE_AFI,
  SUB_TYPE_LOCK_AFI,
  SUB_TYPE_WRITE_DSFID,
  SUB_TYPE_LOCK_DSFID,
  SUB_TYPE_GET_SYS_INFO,
  SUB_TYPE_GET_MULTI_BLOCK_SECURITY_STATUS,
  SUB_TYPE_DETECT_NDEF,
  SUB_TYPE_READ_NDEF,
  SUB_TYPE_UPDATE_NDEF,
  SUB_TYPE_FORMAT_NDEF,
  SUB_TYPE_SET_TAG_READONLY,
  SUB_TYPE_PRESENCE_CHECK,

  // Number of sub-types; not a command itself.
  SUB_TYPE_MAX
};
30*7eba2f3bSAndroid Build Coastguard Worker 
// Fixed 8-byte tag UID used by Init() for activation and by every command
// below that takes a UID. It is a brace initializer, so it can only be used
// where an aggregate initializer is valid.
#define TEST_UID_VALUE {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88}
// const uint8_t TEST_UID[] = TEST_UID_VALUE;
34*7eba2f3bSAndroid Build Coastguard Worker 
// RW-layer callback handed to RW_SetActivatedTagType() in Init().
//
// Logs every event, then releases the payload buffer attached to the events
// that carry one and clears the pointer so it cannot be freed twice through
// the same tRW_DATA.
//
// NOTE(review): p_rw_data is dereferenced without a null check for the
// data-carrying events; presumably the stack always supplies it for those
// events -- confirm.
static void rw_cback(tRW_EVENT event, tRW_DATA* p_rw_data) {
  FUZZLOG(MODULE_NAME ": rw_cback: event=0x%02x, p_rw_data=%p", event,
          p_rw_data);

  const bool has_i93_payload = event == RW_I93_DATA_EVT ||
                               event == RW_I93_NDEF_READ_EVT ||
                               event == RW_I93_NDEF_READ_CPLT_EVT;
  if (has_i93_payload) {
    auto& payload = p_rw_data->i93_data.p_data;
    if (payload) {
      GKI_freebuf(payload);
      payload = nullptr;
    }
    return;
  }

  if (event == RW_I93_RAW_FRAME_EVT) {
    auto& frame = p_rw_data->raw_frame.p_data;
    if (frame) {
      GKI_freebuf(frame);
      frame = nullptr;
    }
  }
}
51*7eba2f3bSAndroid Build Coastguard Worker 
// Common setup for every sub-type: resets the RW layer with rw_init() and
// activates it as a Type 5 tag (NFC_PROTOCOL_T5T, poll mode V) carrying the
// fixed test UID, registering rw_cback as the event callback.
//
// Returns true only when RW_SetActivatedTagType() reports NFC_STATUS_OK.
static bool Init(Fuzz_Context& /*ctx*/) {
  tNFC_ACTIVATE_DEVT activate_params = {
      .protocol = static_cast<tNFC_PROTOCOL>(NFC_PROTOCOL_T5T),
      .rf_tech_param = {.mode = NFC_DISCOVERY_TYPE_POLL_V,
                        .param = {.pi93 = {
                                      .uid = TEST_UID_VALUE,
                                  }}}};

  rw_init();

  const auto status = RW_SetActivatedTagType(&activate_params, rw_cback);
  if (status == NFC_STATUS_OK) {
    return true;
  }

  FUZZLOG(MODULE_NAME ": RW_SetActivatedTagType failed");
  return false;
}
68*7eba2f3bSAndroid Build Coastguard Worker 
// Starts RW_I93Inventory() with the literal arguments false and 0 plus the
// fixed test UID. Returns true only when the call reports NFC_STATUS_OK.
static bool Init_Inventory(Fuzz_Context& /*ctx*/) {
  uint8_t test_uid[] = TEST_UID_VALUE;
  const auto status = RW_I93Inventory(false, 0, test_uid);
  return status == NFC_STATUS_OK;
}
73*7eba2f3bSAndroid Build Coastguard Worker 
// Starts RW_I93StayQuiet() for the fixed test UID. Returns true only when the
// call reports NFC_STATUS_OK.
static bool Init_StayQuiet(Fuzz_Context& /*ctx*/) {
  uint8_t test_uid[] = TEST_UID_VALUE;
  const auto status = RW_I93StayQuiet(test_uid);
  return status == NFC_STATUS_OK;
}
78*7eba2f3bSAndroid Build Coastguard Worker 
// Starts RW_I93ReadSingleBlock() for block 0. Returns true only when the call
// reports NFC_STATUS_OK.
static bool Init_ReadSingleBlock(Fuzz_Context& /*ctx*/) {
  const auto status = RW_I93ReadSingleBlock(0);
  return status == NFC_STATUS_OK;
}
82*7eba2f3bSAndroid Build Coastguard Worker 
// Starts RW_I93WriteSingleBlock() for block 0 with a fixed 16-byte pattern.
// The pattern is copied into a buffer obtained from ctx.GetBuffer() rather
// than passed from the stack.
// NOTE(review): presumably the context owns that buffer and keeps it alive
// for the whole fuzz iteration -- confirm against Fuzz_Context.
// Returns true only when the call reports NFC_STATUS_OK.
static bool Init_WriteSingleBlock(Fuzz_Context& ctx) {
  const uint8_t pattern[] = {0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04,
                             0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04};

  auto block_buf = ctx.GetBuffer(sizeof(pattern), pattern);
  const auto status = RW_I93WriteSingleBlock(0, block_buf);
  return status == NFC_STATUS_OK;
}
90*7eba2f3bSAndroid Build Coastguard Worker 
// Starts RW_I93LockBlock() for block 0. Returns true only when the call
// reports NFC_STATUS_OK.
static bool Init_LockBlock(Fuzz_Context& /*ctx*/) {
  const auto status = RW_I93LockBlock(0);
  return status == NFC_STATUS_OK;
}
94*7eba2f3bSAndroid Build Coastguard Worker 
// Starts RW_I93ReadMultipleBlocks() with the literal arguments 0 and 10.
// Returns true only when the call reports NFC_STATUS_OK.
static bool Init_ReadMultipleBlocks(Fuzz_Context& /*ctx*/) {
  const auto status = RW_I93ReadMultipleBlocks(0, 10);
  return status == NFC_STATUS_OK;
}
98*7eba2f3bSAndroid Build Coastguard Worker 
// Starts RW_I93WriteMultipleBlocks() with the literal arguments 0 and 10 and
// a 160-byte buffer obtained from ctx.GetBuffer().
// NOTE(review): the buffer is sized as 16 * 10, i.e. it assumes the callee
// reads at most 16 bytes per block for 10 blocks. The block size the RW layer
// actually uses is not visible here -- confirm it cannot exceed 16, otherwise
// the callee would read past the buffer.
// Returns true only when the call reports NFC_STATUS_OK.
static bool Init_WriteMultipleBlocks(Fuzz_Context& ctx) {
  auto blocks_buf = ctx.GetBuffer(16 * 10);
  const auto status = RW_I93WriteMultipleBlocks(0, 10, blocks_buf);
  return status == NFC_STATUS_OK;
}
103*7eba2f3bSAndroid Build Coastguard Worker 
// Starts RW_I93Select() for the fixed test UID. Returns true only when the
// call reports NFC_STATUS_OK.
static bool Init_Select(Fuzz_Context& /*ctx*/) {
  uint8_t test_uid[] = TEST_UID_VALUE;
  const auto status = RW_I93Select(test_uid);
  return status == NFC_STATUS_OK;
}
108*7eba2f3bSAndroid Build Coastguard Worker 
// Starts RW_I93ResetToReady(). Returns true only when the call reports
// NFC_STATUS_OK.
static bool Init_ResetToReady(Fuzz_Context& /*ctx*/) {
  const auto status = RW_I93ResetToReady();
  return status == NFC_STATUS_OK;
}
112*7eba2f3bSAndroid Build Coastguard Worker 
// Starts RW_I93WriteAFI() with the fixed value 0x11. Returns true only when
// the call reports NFC_STATUS_OK.
static bool Init_WriteAFI(Fuzz_Context& /*ctx*/) {
  const auto status = RW_I93WriteAFI(0x11);
  return status == NFC_STATUS_OK;
}
116*7eba2f3bSAndroid Build Coastguard Worker 
// Starts RW_I93LockAFI(). Returns true only when the call reports
// NFC_STATUS_OK.
static bool Init_LockAFI(Fuzz_Context& /*ctx*/) {
  const auto status = RW_I93LockAFI();
  return status == NFC_STATUS_OK;
}
120*7eba2f3bSAndroid Build Coastguard Worker 
// Starts RW_I93WriteDSFID() with the fixed value 0x22. Returns true only when
// the call reports NFC_STATUS_OK.
static bool Init_WriteDSFID(Fuzz_Context& /*ctx*/) {
  const auto status = RW_I93WriteDSFID(0x22);
  return status == NFC_STATUS_OK;
}
124*7eba2f3bSAndroid Build Coastguard Worker 
// Starts RW_I93LockDSFID(). Returns true only when the call reports
// NFC_STATUS_OK.
static bool Init_LockDSFID(Fuzz_Context& /*ctx*/) {
  const auto status = RW_I93LockDSFID();
  return status == NFC_STATUS_OK;
}
128*7eba2f3bSAndroid Build Coastguard Worker 
// Starts RW_I93GetSysInfo() for the fixed test UID. Returns true only when
// the call reports NFC_STATUS_OK.
static bool Init_GetSysInfo(Fuzz_Context& /*ctx*/) {
  uint8_t test_uid[] = TEST_UID_VALUE;
  const auto status = RW_I93GetSysInfo(test_uid);
  return status == NFC_STATUS_OK;
}
133*7eba2f3bSAndroid Build Coastguard Worker 
// Starts RW_I93GetMultiBlockSecurityStatus() with the literal arguments 0 and
// 10. Returns true only when the call reports NFC_STATUS_OK.
static bool Init_GetMultiBlockSecurityStatus(Fuzz_Context& /*ctx*/) {
  const auto status = RW_I93GetMultiBlockSecurityStatus(0, 10);
  return status == NFC_STATUS_OK;
}
137*7eba2f3bSAndroid Build Coastguard Worker 
// Starts RW_I93DetectNDef(). Returns true only when the call reports
// NFC_STATUS_OK.
static bool Init_DetectNDef(Fuzz_Context& /*ctx*/) {
  const auto status = RW_I93DetectNDef();
  return status == NFC_STATUS_OK;
}
141*7eba2f3bSAndroid Build Coastguard Worker 
// Starts RW_I93ReadNDef(). Returns true only when the call reports
// NFC_STATUS_OK.
static bool Init_ReadNDef(Fuzz_Context& /*ctx*/) {
  const auto status = RW_I93ReadNDef();
  return status == NFC_STATUS_OK;
}
145*7eba2f3bSAndroid Build Coastguard Worker 
// Starts RW_I93UpdateNDef() with a fixed 16-byte pattern. The length passed
// to the RW layer and the size of the buffer obtained from ctx.GetBuffer()
// are both sizeof(pattern), so the two cannot drift apart.
// NOTE(review): Fuzz_Deinit() frees rw_cb.tcb.i93.p_update_data; whether that
// pointer aliases this buffer or a copy made by the RW layer is not visible
// here -- confirm the ownership so the buffer is released exactly once.
// Returns true only when the call reports NFC_STATUS_OK.
static bool Init_UpdateNDef(Fuzz_Context& ctx) {
  const uint8_t pattern[] = {0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04,
                             0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04};

  auto ndef_buf = ctx.GetBuffer(sizeof(pattern), pattern);
  const auto status = RW_I93UpdateNDef(sizeof(pattern), ndef_buf);
  return status == NFC_STATUS_OK;
}
153*7eba2f3bSAndroid Build Coastguard Worker 
// Starts RW_I93FormatNDef(). Returns true only when the call reports
// NFC_STATUS_OK.
static bool Init_FormatNDef(Fuzz_Context& /*ctx*/) {
  const auto status = RW_I93FormatNDef();
  return status == NFC_STATUS_OK;
}
157*7eba2f3bSAndroid Build Coastguard Worker 
// Starts RW_I93SetTagReadOnly(). Returns true only when the call reports
// NFC_STATUS_OK.
static bool Init_SetTagReadOnly(Fuzz_Context& /*ctx*/) {
  const auto status = RW_I93SetTagReadOnly();
  return status == NFC_STATUS_OK;
}
161*7eba2f3bSAndroid Build Coastguard Worker 
// Starts RW_I93PresenceCheck(). Returns true only when the call reports
// NFC_STATUS_OK.
static bool Init_PresenceCheck(Fuzz_Context& /*ctx*/) {
  const auto status = RW_I93PresenceCheck();
  return status == NFC_STATUS_OK;
}
165*7eba2f3bSAndroid Build Coastguard Worker 
// Prepares one fuzz iteration: runs the common Init(), then starts the
// RW_I93* command selected by ctx.SubType so that the responses replayed by
// Fuzz_Run() are parsed in that command's context.
//
// Returns false (after logging) when Init() fails, when ctx.SubType matches
// no known sub-type, or when the selected command does not start.
static bool Fuzz_Init(Fuzz_Context& ctx) {
  if (!Init(ctx)) {
    FUZZLOG(MODULE_NAME ": initialization failed");
    return false;
  }

  // Pick the command starter first; a null pointer means "unknown sub-type".
  using CommandStarter = bool (*)(Fuzz_Context&);
  CommandStarter start_command = nullptr;
  switch (ctx.SubType) {
    case SUB_TYPE_INVENTORY:
      start_command = Init_Inventory;
      break;
    case SUB_TYPE_STAY_QUIET:
      start_command = Init_StayQuiet;
      break;
    case SUB_TYPE_READ_SINGLEBLOCK:
      start_command = Init_ReadSingleBlock;
      break;
    case SUB_TYPE_WRITE_SINGLEBLOCK:
      start_command = Init_WriteSingleBlock;
      break;
    case SUB_TYPE_LOCK_BLOCK:
      start_command = Init_LockBlock;
      break;
    case SUB_TYPE_READ_MULTIPLEBLOCKS:
      start_command = Init_ReadMultipleBlocks;
      break;
    case SUB_TYPE_WRITE_MULTIPLEBLOCKS:
      start_command = Init_WriteMultipleBlocks;
      break;
    case SUB_TYPE_SELECT:
      start_command = Init_Select;
      break;
    case SUB_TYPE_RESET_TO_READY:
      start_command = Init_ResetToReady;
      break;
    case SUB_TYPE_WRITE_AFI:
      start_command = Init_WriteAFI;
      break;
    case SUB_TYPE_LOCK_AFI:
      start_command = Init_LockAFI;
      break;
    case SUB_TYPE_WRITE_DSFID:
      start_command = Init_WriteDSFID;
      break;
    case SUB_TYPE_LOCK_DSFID:
      start_command = Init_LockDSFID;
      break;
    case SUB_TYPE_GET_SYS_INFO:
      start_command = Init_GetSysInfo;
      break;
    case SUB_TYPE_GET_MULTI_BLOCK_SECURITY_STATUS:
      start_command = Init_GetMultiBlockSecurityStatus;
      break;
    case SUB_TYPE_DETECT_NDEF:
      start_command = Init_DetectNDef;
      break;
    case SUB_TYPE_READ_NDEF:
      start_command = Init_ReadNDef;
      break;
    case SUB_TYPE_UPDATE_NDEF:
      start_command = Init_UpdateNDef;
      break;
    case SUB_TYPE_FORMAT_NDEF:
      start_command = Init_FormatNDef;
      break;
    case SUB_TYPE_SET_TAG_READONLY:
      start_command = Init_SetTagReadOnly;
      break;
    case SUB_TYPE_PRESENCE_CHECK:
      start_command = Init_PresenceCheck;
      break;
    default:
      break;
  }

  bool started = false;
  if (start_command != nullptr) {
    started = start_command(ctx);
  } else {
    FUZZLOG(MODULE_NAME ": Unknown command %d", ctx.SubType);
  }

  if (!started) {
    FUZZLOG(MODULE_NAME ": Initializing command %02X failed", ctx.SubType);
  }

  return started;
}
270*7eba2f3bSAndroid Build Coastguard Worker 
// Cleans up after one fuzz iteration. Does nothing unless rf_cback is set.
// Otherwise it frees any pending i93 update buffer held in rw_cb, clears the
// pointer, and then delivers a synthetic NFC_DEACTIVATE_CEVT to rf_cback.
//
// Type5_Fuzz() calls this even when Fuzz_Init() failed, so it must tolerate
// a partially initialised RW layer; the rf_cback check is the only guard.
static void Fuzz_Deinit(Fuzz_Context& /*ctx*/) {
  if (!rf_cback) {
    return;
  }

  // Release the update buffer before the deactivate event is delivered.
  tRW_I93_CB& i93 = rw_cb.tcb.i93;
  if (i93.p_update_data) {
    GKI_freebuf(i93.p_update_data);
    i93.p_update_data = nullptr;
  }

  tNFC_CONN conn = {
      .deactivate = {.status = NFC_STATUS_OK,
                     .type = NFC_DEACTIVATE_TYPE_IDLE,
                     .is_ntf = true,
                     .reason = NFC_DEACTIVATE_REASON_DH_REQ_FAILED}};

  rf_cback(NFC_RF_CONN_ID, NFC_DEACTIVATE_CEVT, &conn);
}
288*7eba2f3bSAndroid Build Coastguard Worker 
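// Replays every fuzz packet after the first as an inbound RF data event
// (NFC_DATA_CEVT) on rf_cback, one GKI buffer per packet.
//
// ctx.Data[0] is skipped. NOTE(review): presumably the caller consumes it as
// a control packet -- confirm against the packet unpacker.
//
// Processing stops at the first empty packet or failed allocation.
//
// NOTE(review): p_msg is not freed here after rf_cback returns; presumably
// the RW layer takes ownership and the payload is released in rw_cback --
// confirm, otherwise every packet leaks.
static void Fuzz_Run(Fuzz_Context& ctx) {
  // cbegin() + 1 on an empty vector is undefined behaviour and the loop
  // condition would never become true, so bail out before forming it.
  if (ctx.Data.empty()) {
    return;
  }

  for (auto it = ctx.Data.cbegin() + 1; it != ctx.Data.cend(); ++it) {
    // Reject empty packets before allocating, so this early return cannot
    // leak a buffer and size() - 1 below cannot wrap.
    if (it->size() < 1) {
      FUZZLOG(MODULE_NAME ": empty packet, size=%zu", it->size());
      return;
    }

    NFC_HDR* p_msg =
        static_cast<NFC_HDR*>(GKI_getbuf(sizeof(NFC_HDR) + it->size()));
    if (p_msg == nullptr) {
      FUZZLOG(MODULE_NAME ": GKI_getbuf returns null, size=%zu", it->size());
      return;
    }

    /* Initialize NFC_HDR */
    // Only len and offset are set; any other header field keeps whatever
    // GKI_getbuf() returned.
    // NOTE(review): len is one less than the number of bytes copied below.
    // The reason is not visible here -- confirm the trailing byte is meant to
    // sit just past len. The width of len is also not visible; a very large
    // packet may be truncated by this assignment.
    p_msg->len = it->size() - 1;
    p_msg->offset = 0;

    // The payload starts right after the header; the allocation above covers
    // sizeof(NFC_HDR) + size(), so copying size() bytes stays in bounds.
    uint8_t* p = reinterpret_cast<uint8_t*>(p_msg + 1) + p_msg->offset;
    memcpy(p, it->data(), it->size());

    tNFC_CONN conn = {.data = {
                          .status = NFC_STATUS_OK,
                          .p_data = p_msg,
                      }};

    FUZZLOG(MODULE_NAME ": SubType=%02X, Response[%zd/%zd]=%s", ctx.SubType,
            it - ctx.Data.cbegin(), ctx.Data.size() - 1,
            BytesToHex(*it).c_str());

    rf_cback(NFC_RF_CONN_ID, NFC_DATA_CEVT, &conn);
  }
}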
317*7eba2f3bSAndroid Build Coastguard Worker 
// Packet fix-up hook for the Type 5 target. The body is empty: neither the
// sub-type nor the packet list is read or modified.
void Type5_FixPackets(uint8_t /*SubType*/, std::vector<bytes_t>& /*Data*/) {
  // Nothing to adjust.
}
319*7eba2f3bSAndroid Build Coastguard Worker 
// Entry point for one Type 5 fuzz iteration.
//
// The selector byte is reduced modulo SUB_TYPE_MAX, so every input value maps
// onto a valid sub-type. Responses are replayed only when Fuzz_Init()
// succeeds; Fuzz_Deinit() runs on every path so state from a failed or
// partial setup is still torn down.
void Type5_Fuzz(uint8_t SubType, const std::vector<bytes_t>& Data) {
  Fuzz_Context ctx(SubType % SUB_TYPE_MAX, Data);

  const bool ready = Fuzz_Init(ctx);
  if (ready) {
    Fuzz_Run(ctx);
  }

  Fuzz_Deinit(ctx);
}