1 /*
2  * Copyright 2019 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #define PACKET_FUZZ_TESTING
18 #include "hci/hci_packets.h"
19 
20 #include <memory>
21 
22 #include "os/log.h"
23 #include "packet/bit_inserter.h"
24 #include "packet/raw_builder.h"
25 
26 using bluetooth::packet::BitInserter;
27 using bluetooth::packet::RawBuilder;
28 using std::vector;
29 
namespace bluetooth {
namespace hci {

// Registry of fuzz entry points for HCI packet parsing. Every element is a
// plain function pointer taking the raw fuzzer buffer and its length;
// RunHciPacketFuzzTest() below calls each element with the same input.
//
// NOTE(review): this definition has to stay above the DEFINE_AND_REGISTER_*
// lines if those macros register through namespace-scope initializers, since
// initialization within a translation unit follows declaration order.
// Confirm against the macro definitions.
std::vector<void (*)(const uint8_t*, size_t)> hci_packet_fuzz_tests;

// The DEFINE_AND_REGISTER_<Packet>ReflectionFuzzTest macros are not defined in
// this file; presumably they come from hci/hci_packets.h when
// PACKET_FUZZ_TESTING is defined (TODO confirm). Judging by the names, each
// one defines a reflection fuzz test for a single packet type and appends it
// to the vector passed as its argument.
//
// Coverage is exactly the list below: a packet type with no line here gets no
// fuzz coverage from this target, so a new HCI command or event needs a new
// line here. Most commands are listed together with their "Complete"
// (Inquiry: "Status") counterpart.

DEFINE_AND_REGISTER_ResetReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_ResetCompleteReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_ReadBufferSizeReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_ReadBufferSizeCompleteReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_HostBufferSizeReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_HostBufferSizeCompleteReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_ReadLocalVersionInformationReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_ReadLocalVersionInformationCompleteReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_ReadBdAddrReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_ReadBdAddrCompleteReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_ReadLocalSupportedCommandsReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_ReadLocalSupportedCommandsCompleteReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_WriteSimplePairingModeReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_WriteSimplePairingModeCompleteReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_WriteLeHostSupportReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_WriteLeHostSupportCompleteReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_ReadLocalExtendedFeaturesReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_ReadLocalExtendedFeaturesCompleteReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_WriteSecureConnectionsHostSupportReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_WriteSecureConnectionsHostSupportCompleteReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_LeReadConnectListSizeReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_LeReadConnectListSizeCompleteReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_LeReadBufferSizeV1ReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_LeReadBufferSizeV1CompleteReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_WriteCurrentIacLapReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_WriteCurrentIacLapCompleteReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_WriteInquiryScanActivityReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_WriteInquiryScanActivityCompleteReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_ReadInquiryScanActivityReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_ReadInquiryScanActivityCompleteReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_ReadCurrentIacLapReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_ReadCurrentIacLapCompleteReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_ReadNumberOfSupportedIacReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_ReadNumberOfSupportedIacCompleteReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_ReadPageTimeoutReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_ReadPageTimeoutCompleteReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_WritePageTimeoutReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_WritePageTimeoutCompleteReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_InquiryReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_InquiryStatusReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_InquiryCancelReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_InquiryCancelCompleteReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_PeriodicInquiryModeReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_PeriodicInquiryModeCompleteReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_ExitPeriodicInquiryModeReflectionFuzzTest(hci_packet_fuzz_tests);

DEFINE_AND_REGISTER_ExitPeriodicInquiryModeCompleteReflectionFuzzTest(hci_packet_fuzz_tests);

}  // namespace hci
}  // namespace bluetooth
129 
// Runs every registered HCI packet fuzz test against one fuzzer input.
//
// @param data  Fuzzer-supplied bytes; treated as untrusted. A null pointer
//              makes the call a no-op.
// @param size  Length of `data` in bytes. It is not checked here, so a
//              non-null buffer of length zero is still passed to every test.
//
// Each registered function gets the same (data, size) pair in registration
// order; staying within `size` bytes is the responsibility of the functions
// being called.
void RunHciPacketFuzzTest(const uint8_t* data, size_t size) {
  if (data != nullptr) {
    const auto& registry = bluetooth::hci::hci_packet_fuzz_tests;
    // End iterator is read once up front, as a range-for would do.
    for (auto it = registry.begin(), last = registry.end(); it != last; ++it) {
      (*it)(data, size);
    }
  }
}
136