aboutsummaryrefslogtreecommitdiffstats
path: root/tests/p2p-fuzzer
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2015-04-08 20:12:25 (GMT)
committerJouni Malinen <j@w1.fi>2015-04-22 08:44:19 (GMT)
commita65d7495b52690d3a7d660b8aec50aa22f5ceda6 (patch)
tree36e15ecda654a0f9167b574a7b971b64c5f942bb /tests/p2p-fuzzer
parent632931c3cef852fc0a2a38150825cd949fff940e (diff)
downloadhostap-a65d7495b52690d3a7d660b8aec50aa22f5ceda6.zip
hostap-a65d7495b52690d3a7d660b8aec50aa22f5ceda6.tar.gz
hostap-a65d7495b52690d3a7d660b8aec50aa22f5ceda6.tar.bz2
tests: Add p2p-fuzzer
This program can be used to run fuzzing tests for areas related to P2P message parsing and processing. p2p-fuzzer allows data files to be used to inject Probe Response and Action frames for processing by the P2P module. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'tests/p2p-fuzzer')
-rw-r--r--tests/p2p-fuzzer/Makefile51
-rw-r--r--tests/p2p-fuzzer/go-neg-req.datbin0 -> 155 bytes
-rw-r--r--tests/p2p-fuzzer/invitation-req.datbin0 -> 123 bytes
-rw-r--r--tests/p2p-fuzzer/p2p-fuzzer.c213
-rw-r--r--tests/p2p-fuzzer/p2ps-pd-req.datbin0 -> 189 bytes
-rw-r--r--tests/p2p-fuzzer/proberesp-go.datbin0 -> 306 bytes
-rw-r--r--tests/p2p-fuzzer/proberesp.datbin0 -> 209 bytes
7 files changed, 264 insertions, 0 deletions
diff --git a/tests/p2p-fuzzer/Makefile b/tests/p2p-fuzzer/Makefile
new file mode 100644
index 0000000..4f81ef1
--- /dev/null
+++ b/tests/p2p-fuzzer/Makefile
@@ -0,0 +1,51 @@
+all: p2p-fuzzer
+
+ifndef CC
+CC=gcc
+endif
+
+ifndef LDO
+LDO=$(CC)
+endif
+
+ifndef CFLAGS
+CFLAGS = -MMD -O2 -Wall -g
+endif
+
+SRC=../../src
+
+CFLAGS += -I$(SRC)
+
+$(SRC)/utils/libutils.a:
+ $(MAKE) -C $(SRC)/utils
+
+$(SRC)/common/libcommon.a:
+ $(MAKE) -C $(SRC)/common
+
+$(SRC)/crypto/libcrypto.a:
+ $(MAKE) -C $(SRC)/crypto
+
+$(SRC)/tls/libtls.a:
+ $(MAKE) -C $(SRC)/tls
+
+$(SRC)/p2p/libp2p.a:
+ $(MAKE) -C $(SRC)/p2p
+
+$(SRC)/wps/libwps.a:
+ $(MAKE) -C $(SRC)/wps
+
+LIBS += $(SRC)/utils/libutils.a
+LIBS += $(SRC)/common/libcommon.a
+LIBS += $(SRC)/crypto/libcrypto.a
+LIBS += $(SRC)/p2p/libp2p.a
+LIBS += $(SRC)/tls/libtls.a
+LIBS += $(SRC)/wps/libwps.a
+
+p2p-fuzzer: p2p-fuzzer.o $(LIBS)
+ $(LDO) $(LDFLAGS) -o $@ $^ $(LIBS)
+
+clean:
+ $(MAKE) -C $(SRC) clean
+ rm -f p2p-fuzzer *~ *.o *.d
+
+-include $(OBJS:%.o=%.d)
diff --git a/tests/p2p-fuzzer/go-neg-req.dat b/tests/p2p-fuzzer/go-neg-req.dat
new file mode 100644
index 0000000..ed06834
--- /dev/null
+++ b/tests/p2p-fuzzer/go-neg-req.dat
Binary files differ
diff --git a/tests/p2p-fuzzer/invitation-req.dat b/tests/p2p-fuzzer/invitation-req.dat
new file mode 100644
index 0000000..5991f3e
--- /dev/null
+++ b/tests/p2p-fuzzer/invitation-req.dat
Binary files differ
diff --git a/tests/p2p-fuzzer/p2p-fuzzer.c b/tests/p2p-fuzzer/p2p-fuzzer.c
new file mode 100644
index 0000000..dcc1d72
--- /dev/null
+++ b/tests/p2p-fuzzer/p2p-fuzzer.c
@@ -0,0 +1,213 @@
+/*
+ * wpa_supplicant - P2P fuzzer
+ * Copyright (c) 2015, Jouni Malinen <j@w1.fi>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include "utils/includes.h"
+
+#include "utils/common.h"
+#include "utils/eloop.h"
+#include "common/ieee802_11_defs.h"
+#include "p2p/p2p.h"
+
+
+static void debug_print(void *ctx, int level, const char *msg)
+{
+ wpa_printf(level, "P2P: %s", msg);
+}
+
+
+static void find_stopped(void *ctx)
+{
+}
+
+
+static int start_listen(void *ctx, unsigned int freq,
+ unsigned int duration,
+ const struct wpabuf *probe_resp_ie)
+{
+ return 0;
+}
+
+
+static void stop_listen(void *ctx)
+{
+}
+
+
+static void dev_found(void *ctx, const u8 *addr,
+ const struct p2p_peer_info *info,
+ int new_device)
+{
+}
+
+
+static void dev_lost(void *ctx, const u8 *dev_addr)
+{
+}
+
+
+static int send_action(void *ctx, unsigned int freq, const u8 *dst,
+ const u8 *src, const u8 *bssid, const u8 *buf,
+ size_t len, unsigned int wait_time)
+{
+ return 0;
+}
+
+
+static void send_action_done(void *ctx)
+{
+}
+
+
+static void go_neg_req_rx(void *ctx, const u8 *src, u16 dev_passwd_id)
+{
+}
+
+
+static struct p2p_data * init_p2p(void)
+{
+ struct p2p_config p2p;
+
+ os_memset(&p2p, 0, sizeof(p2p));
+ p2p.max_peers = 100;
+ p2p.passphrase_len = 8;
+ p2p.channels.reg_classes = 1;
+ p2p.channels.reg_class[0].reg_class = 81;
+ p2p.channels.reg_class[0].channel[0] = 1;
+ p2p.channels.reg_class[0].channel[1] = 2;
+ p2p.channels.reg_class[0].channels = 2;
+ p2p.debug_print = debug_print;
+ p2p.find_stopped = find_stopped;
+ p2p.start_listen = start_listen;
+ p2p.stop_listen = stop_listen;
+ p2p.dev_found = dev_found;
+ p2p.dev_lost = dev_lost;
+ p2p.send_action = send_action;
+ p2p.send_action_done = send_action_done;
+ p2p.go_neg_req_rx = go_neg_req_rx;
+
+ return p2p_init(&p2p);
+}
+
+
+struct arg_ctx {
+ struct p2p_data *p2p;
+ const char *fname;
+};
+
+
+static void test_send_proberesp(void *eloop_data, void *user_ctx)
+{
+ struct arg_ctx *ctx = eloop_data;
+ char *data;
+ size_t len;
+ struct os_reltime rx_time;
+
+ wpa_printf(MSG_INFO, "p2p-fuzzer: Send proberesp '%s'", ctx->fname);
+
+ data = os_readfile(ctx->fname, &len);
+ if (!data) {
+ wpa_printf(MSG_ERROR, "Could not read '%s'", ctx->fname);
+ return;
+ }
+
+ wpa_hexdump(MSG_MSGDUMP, "fuzzer - IEs", data, len);
+
+ os_memset(&rx_time, 0, sizeof(rx_time));
+ p2p_scan_res_handler(ctx->p2p, (u8 *) "\x02\x00\x00\x00\x01\x00", 2412,
+ &rx_time, 0, (u8 *) data, len);
+ p2p_scan_res_handled(ctx->p2p);
+
+ os_free(data);
+ eloop_terminate();
+}
+
+
+static void test_send_action(void *eloop_data, void *user_ctx)
+{
+ struct arg_ctx *ctx = eloop_data;
+ char *data;
+ size_t len;
+ struct os_reltime rx_time;
+ struct ieee80211_mgmt *mgmt;
+
+ wpa_printf(MSG_INFO, "p2p-fuzzer: Send action '%s'", ctx->fname);
+
+ data = os_readfile(ctx->fname, &len);
+ if (!data) {
+ wpa_printf(MSG_ERROR, "Could not read '%s'", ctx->fname);
+ return;
+ }
+ if (len < IEEE80211_HDRLEN + 1)
+ goto out;
+
+ wpa_hexdump(MSG_MSGDUMP, "fuzzer - action", data, len);
+
+ mgmt = (struct ieee80211_mgmt *) data;
+ os_memset(&rx_time, 0, sizeof(rx_time));
+ p2p_rx_action(ctx->p2p, mgmt->da, mgmt->sa, mgmt->bssid,
+ mgmt->u.action.category,
+ (u8 *) data + IEEE80211_HDRLEN + 1,
+ len - IEEE80211_HDRLEN - 1, 2412);
+
+out:
+ os_free(data);
+ eloop_terminate();
+}
+
+
+int main(int argc, char *argv[])
+{
+ struct p2p_data *p2p;
+ struct arg_ctx ctx;
+
+ /* TODO: probreq and wpas_p2p_probe_req_rx() */
+
+ if (argc < 3) {
+ printf("usage: %s <proberesp|action> <file>\n", argv[0]);
+ return -1;
+ }
+
+ if (os_program_init())
+ return -1;
+
+ wpa_debug_level = 0;
+ wpa_debug_show_keys = 1;
+
+ if (eloop_init()) {
+ wpa_printf(MSG_ERROR, "Failed to initialize event loop");
+ return -1;
+ }
+
+ p2p = init_p2p();
+ if (!p2p) {
+ wpa_printf(MSG_ERROR, "P2P init failed");
+ return -1;
+ }
+
+ ctx.p2p = p2p;
+ ctx.fname = argv[2];
+
+ if (os_strcmp(argv[1], "proberesp") == 0) {
+ eloop_register_timeout(0, 0, test_send_proberesp, &ctx, NULL);
+ } else if (os_strcmp(argv[1], "action") == 0) {
+ eloop_register_timeout(0, 0, test_send_action, &ctx, NULL);
+ } else {
+ wpa_printf(MSG_ERROR, "Unsupported test type '%s'", argv[1]);
+ return -1;
+ }
+
+ wpa_printf(MSG_DEBUG, "Starting eloop");
+ eloop_run();
+ wpa_printf(MSG_DEBUG, "eloop done");
+
+ p2p_deinit(p2p);
+ eloop_destroy();
+ os_program_deinit();
+
+ return 0;
+}
diff --git a/tests/p2p-fuzzer/p2ps-pd-req.dat b/tests/p2p-fuzzer/p2ps-pd-req.dat
new file mode 100644
index 0000000..7e1b6d9
--- /dev/null
+++ b/tests/p2p-fuzzer/p2ps-pd-req.dat
Binary files differ
diff --git a/tests/p2p-fuzzer/proberesp-go.dat b/tests/p2p-fuzzer/proberesp-go.dat
new file mode 100644
index 0000000..8541652
--- /dev/null
+++ b/tests/p2p-fuzzer/proberesp-go.dat
Binary files differ
diff --git a/tests/p2p-fuzzer/proberesp.dat b/tests/p2p-fuzzer/proberesp.dat
new file mode 100644
index 0000000..8d997d1
--- /dev/null
+++ b/tests/p2p-fuzzer/proberesp.dat
Binary files differ