attr->checkcode_len)) {
wpa_printf(MSG_WARNING, "EAP-AKA: Invalid AT_CHECKCODE in the "
"message");
+#ifdef TEST_FUZZ
+ wpa_printf(MSG_INFO,
+ "TEST: Ignore AT_CHECKCODE mismatch for fuzz testing");
+#else /* TEST_FUZZ */
return eap_aka_client_error(data, id,
EAP_AKA_UNABLE_TO_PROCESS_PACKET);
+#endif /* TEST_FUZZ */
}
#ifdef EAP_AKA_PRIME
if (eap_aka_verify_mac(data, reqData, attr->mac, (u8 *) "", 0)) {
wpa_printf(MSG_WARNING, "EAP-AKA: Challenge message "
"used invalid AT_MAC");
+#ifdef TEST_FUZZ
+ wpa_printf(MSG_INFO,
+ "TEST: Ignore AT_MAC mismatch for fuzz testing");
+#else /* TEST_FUZZ */
return eap_aka_client_error(data, id,
EAP_AKA_UNABLE_TO_PROCESS_PACKET);
+#endif /* TEST_FUZZ */
}
/* Old reauthentication identity must not be used anymore. In
if (attr->checkcode &&
eap_aka_verify_checkcode(data, attr->checkcode,
attr->checkcode_len)) {
+#ifdef TEST_FUZZ
+ wpa_printf(MSG_INFO,
+ "TEST: Ignore AT_CHECKCODE mismatch for fuzz testing");
+#else /* TEST_FUZZ */
wpa_printf(MSG_WARNING, "EAP-AKA: Invalid AT_CHECKCODE in the "
"message");
+#endif /* TEST_FUZZ */
return eap_aka_client_error(data, id,
EAP_AKA_UNABLE_TO_PROCESS_PACKET);
}
--- /dev/null
+all: eap-aka-peer
+include ../rules.include
+
+CFLAGS += -DIEEE8021X_EAPOL
+CFLAGS += -DCONFIG_USIM_SIMULATOR
+
+OBJS += $(SRC)/eap_peer/eap_aka.o
+OBJS += $(SRC)/eap_common/eap_sim_common.o
+OBJS += $(SRC)/eap_common/eap_common.o
+LIBS += $(SRC)/crypto/libcrypto.a
+LIBS += $(SRC)/utils/libutils.a
+
+eap-aka-peer: eap-aka-peer.o $(OBJS) $(LIBS)
+ $(Q)$(LDO) $(LDFLAGS) -o $@ $^ $(LIBS) $(ELIBS)
+ @$(E) " LD " $@
+
+clean:
+ $(MAKE) -C $(SRC) clean
+ rm -f eap-aka-peer *~ *.o *.d ../*~ ../*.o ../*.d
+
+-include $(OBJS:%.o=%.d)
--- /dev/null
+/*
+ * EAP-AKA peer fuzzer
+ * Copyright (c) 2019, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include "utils/includes.h"
+
+#include "utils/common.h"
+#include "eap_peer/eap_methods.h"
+#include "eap_peer/eap_config.h"
+#include "eap_peer/eap_i.h"
+#include "../fuzzer-common.h"
+
+int eap_peer_sim_register(void);
+
+struct eap_method * registered_eap_method = NULL;
+
+
+struct eap_method * eap_peer_method_alloc(int version, int vendor,
+ EapType method, const char *name)
+{
+ struct eap_method *eap;
+ eap = os_zalloc(sizeof(*eap));
+ if (!eap)
+ return NULL;
+ eap->version = version;
+ eap->vendor = vendor;
+ eap->method = method;
+ eap->name = name;
+ return eap;
+}
+
+
+int eap_peer_method_register(struct eap_method *method)
+{
+ registered_eap_method = method;
+ return 0;
+}
+
+
+static struct eap_peer_config eap_aka_config = {
+ .identity = (u8 *) "0232010000000000",
+ .identity_len = 16,
+ .password = (u8 *) "90dca4eda45b53cf0f12d7c9c3bc6a89:cb9cccc4b9258e6dca4760379fb82581:000000000123",
+ .password_len = 78,
+};
+
+struct eap_peer_config * eap_get_config(struct eap_sm *sm)
+{
+ return &eap_aka_config;
+}
+
+
+const u8 * eap_get_config_identity(struct eap_sm *sm, size_t *len)
+{
+ static const char *id = "0232010000000000";
+
+ *len = os_strlen(id);
+ return (const u8 *) id;
+}
+
+
+const char * eap_get_config_phase1(struct eap_sm *sm)
+{
+ return NULL;
+}
+
+
+void eap_set_anon_id(struct eap_sm *sm, const u8 *id, size_t len)
+{
+}
+
+
+void eap_sm_request_identity(struct eap_sm *sm)
+{
+}
+
+
+void eap_sm_request_sim(struct eap_sm *sm, const char *req)
+{
+}
+
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ const u8 *pos, *end;
+ struct eap_sm *sm;
+ void *priv;
+ struct eap_method_ret ret;
+
+ wpa_fuzzer_set_debug_level();
+
+ eap_peer_aka_register();
+ sm = os_zalloc(sizeof(*sm));
+ if (!sm)
+ return 0;
+ priv = registered_eap_method->init(sm);
+ os_memset(&ret, 0, sizeof(ret));
+
+ pos = data;
+ end = pos + size;
+
+ while (end - pos > 2) {
+ u16 flen;
+ struct wpabuf *buf, *req;
+
+ flen = WPA_GET_BE16(pos);
+ pos += 2;
+ if (end - pos < flen)
+ break;
+ req = wpabuf_alloc_copy(pos, flen);
+ if (!req)
+ break;
+ wpa_hexdump_buf(MSG_MSGDUMP, "fuzzer - request", req);
+ buf = registered_eap_method->process(sm, priv, &ret, req);
+ wpa_hexdump_buf(MSG_MSGDUMP, "fuzzer - local response", buf);
+ wpabuf_free(req);
+ wpabuf_free(buf);
+ pos += flen;
+ }
+
+ registered_eap_method->deinit(sm, priv);
+ os_free(registered_eap_method);
+ os_free(sm);
+
+ return 0;
+}
projects / thirdparty / hostap.git / commitdiff
