/*
 * Copyright (c) 2019 Yubico AB. All rights reserved.
 * Use of this source code is governed by a BSD-style
 * license that can be found in the LICENSE file.
 */

#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include "mutator_aux.h"
#include "fido.h"

#include "../openbsd-compat/openbsd-compat.h"

#define TAG_PIN1			0x01
#define TAG_PIN2			0x02
#define TAG_RESET_WIRE_DATA		0x03
#define TAG_INFO_WIRE_DATA		0x04
#define TAG_SET_PIN_WIRE_DATA		0x05
#define TAG_CHANGE_PIN_WIRE_DATA	0x06
#define TAG_RETRY_WIRE_DATA		0x07
#define TAG_SEED			0x08

struct param {
	char		pin1[MAXSTR];
	char		pin2[MAXSTR];
	struct blob	reset_wire_data;
	struct blob	info_wire_data;
	struct blob	set_pin_wire_data;
	struct blob	change_pin_wire_data;
	struct blob	retry_wire_data;
	int		seed;
};

/* Example parameters. */
static const char dummy_pin1[] = "skepp cg0u3;Y..";
static const char dummy_pin2[] = "bastilha 6rJrfQZI.";

static const uint8_t dummy_reset_wire_data[] = {
	0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0x91,
	0xef, 0xbe, 0x74, 0x39, 0x1a, 0x1c, 0x4a, 0x00,
	0x22, 0x00, 0x01, 0x02, 0x05, 0x02, 0x01, 0x05,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x22, 0x00, 0x01, 0xbb, 0x00, 0x01, 0x02,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x22, 0x00, 0x01, 0xbb, 0x00, 0x01, 0x02,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x22, 0x00, 0x01, 0xbb, 0x00, 0x01, 0x02,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x22, 0x00, 0x01, 0xbb, 0x00, 0x01, 0x02,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x22, 0x00, 0x01, 0xbb, 0x00, 0x01, 0x02,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x22, 0x00, 0x01, 0xbb, 0x00, 0x01, 0x01,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x22, 0x00, 0x01, 0x90, 0x00, 0x01, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};

static const uint8_t dummy_info_wire_data[] = {
	0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0x80,
	0x43, 0x56, 0x40, 0xb1, 0x4e, 0xd9, 0x2d, 0x00,
	0x22, 0x00, 0x02, 0x02, 0x05, 0x02, 0x01, 0x05,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x22, 0x00, 0x02, 0x90, 0x00, 0xb9, 0x00,
	0xa9, 0x01, 0x83, 0x66, 0x55, 0x32, 0x46, 0x5f,
	0x56, 0x32, 0x68, 0x46, 0x49, 0x44, 0x4f, 0x5f,
	0x32, 0x5f, 0x30, 0x6c, 0x46, 0x49, 0x44, 0x4f,
	0x5f, 0x32, 0x5f, 0x31, 0x5f, 0x50, 0x52, 0x45,
	0x02, 0x82, 0x6b, 0x63, 0x72, 0x65, 0x64, 0x50,
	0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x6b, 0x68,
	0x6d, 0x61, 0x63, 0x2d, 0x73, 0x65, 0x63, 0x72,
	0x00, 0x22, 0x00, 0x02, 0x00, 0x65, 0x74, 0x03,
	0x50, 0x19, 0x56, 0xe5, 0xbd, 0xa3, 0x74, 0x45,
	0xf1, 0xa8, 0x14, 0x35, 0x64, 0x03, 0xfd, 0xbc,
	0x18, 0x04, 0xa5, 0x62, 0x72, 0x6b, 0xf5, 0x62,
	0x75, 0x70, 0xf5, 0x64, 0x70, 0x6c, 0x61, 0x74,
	0xf4, 0x69, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74,
	0x50, 0x69, 0x6e, 0xf4, 0x75, 0x63, 0x72, 0x65,
	0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x4d,
	0x00, 0x22, 0x00, 0x02, 0x01, 0x67, 0x6d, 0x74,
	0x50, 0x72, 0x65, 0x76, 0x69, 0x65, 0x77, 0xf5,
	0x05, 0x19, 0x04, 0xb0, 0x06, 0x81, 0x01, 0x07,
	0x08, 0x08, 0x18, 0x80, 0x0a, 0x82, 0xa2, 0x63,
	0x61, 0x6c, 0x67, 0x26, 0x64, 0x74, 0x79, 0x70,
	0x65, 0x6a, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63,
	0x2d, 0x6b, 0x65, 0x79, 0xa2, 0x63, 0x61, 0x6c,
	0x67, 0x27, 0x64, 0x74, 0x79, 0x70, 0x65, 0x6a,
	0x00, 0x22, 0x00, 0x02, 0x02, 0x70, 0x75, 0x62,
	0x6c, 0x69, 0x63, 0x2d, 0x6b, 0x65, 0x79, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};

static const uint8_t dummy_set_pin_wire_data[] = {
	0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0x59,
	0x50, 0x8c, 0x27, 0x14, 0x83, 0x43, 0xd5, 0x00,
	0x22, 0x00, 0x03, 0x02, 0x05, 0x02, 0x01, 0x05,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x22, 0x00, 0x03, 0x90, 0x00, 0x51, 0x00,
	0xa1, 0x01, 0xa5, 0x01, 0x02, 0x03, 0x38, 0x18,
	0x20, 0x01, 0x21, 0x58, 0x20, 0x2a, 0xb8, 0x2d,
	0x36, 0x69, 0xab, 0x30, 0x9d, 0xe3, 0x5e, 0x9b,
	0xfb, 0x94, 0xfc, 0x1d, 0x92, 0x95, 0xaf, 0x01,
	0x47, 0xfe, 0x4b, 0x87, 0xe5, 0xcf, 0x3f, 0x05,
	0x0b, 0x39, 0xda, 0x17, 0x49, 0x22, 0x58, 0x20,
	0x15, 0x1b, 0xbe, 0x08, 0x78, 0x60, 0x4d, 0x3c,
	0x00, 0x22, 0x00, 0x03, 0x00, 0x3f, 0xf1, 0x60,
	0xa6, 0xd8, 0xf8, 0xed, 0xce, 0x4a, 0x30, 0x5d,
	0x1a, 0xaf, 0x80, 0xc4, 0x0a, 0xd2, 0x6f, 0x77,
	0x38, 0x12, 0x97, 0xaa, 0xbd, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x22, 0x00, 0x03, 0x90, 0x00, 0x01, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};

static const uint8_t dummy_change_pin_wire_data[] = {
	0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0x48,
	0xfd, 0xf9, 0xde, 0x28, 0x21, 0x99, 0xd5, 0x00,
	0x22, 0x00, 0x04, 0x02, 0x05, 0x02, 0x01, 0x05,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x22, 0x00, 0x04, 0x90, 0x00, 0x51, 0x00,
	0xa1, 0x01, 0xa5, 0x01, 0x02, 0x03, 0x38, 0x18,
	0x20, 0x01, 0x21, 0x58, 0x20, 0x2a, 0xb8, 0x2d,
	0x36, 0x69, 0xab, 0x30, 0x9d, 0xe3, 0x5e, 0x9b,
	0xfb, 0x94, 0xfc, 0x1d, 0x92, 0x95, 0xaf, 0x01,
	0x47, 0xfe, 0x4b, 0x87, 0xe5, 0xcf, 0x3f, 0x05,
	0x0b, 0x39, 0xda, 0x17, 0x49, 0x22, 0x58, 0x20,
	0x15, 0x1b, 0xbe, 0x08, 0x78, 0x60, 0x4d, 0x3c,
	0x00, 0x22, 0x00, 0x04, 0x00, 0x3f, 0xf1, 0x60,
	0xa6, 0xd8, 0xf8, 0xed, 0xce, 0x4a, 0x30, 0x5d,
	0x1a, 0xaf, 0x80, 0xc4, 0x0a, 0xd2, 0x6f, 0x77,
	0x38, 0x12, 0x97, 0xaa, 0xbd, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x22, 0x00, 0x04, 0x90, 0x00, 0x01, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};

static const uint8_t dummy_retry_wire_data[] = {
	0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0x7f,
	0xaa, 0x73, 0x3e, 0x95, 0x98, 0xa8, 0x60, 0x00,
	0x22, 0x00, 0x05, 0x02, 0x05, 0x02, 0x01, 0x05,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x22, 0x00, 0x05, 0x90, 0x00, 0x04, 0x00,
	0xa1, 0x03, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};

int    LLVMFuzzerTestOneInput(const uint8_t *, size_t);
size_t LLVMFuzzerCustomMutator(uint8_t *, size_t, size_t, unsigned int);

static int
unpack(const uint8_t *ptr, size_t len, struct param *p) NO_MSAN
{
	uint8_t **pp = (void *)&ptr;

	if (unpack_string(TAG_PIN1, pp, &len, p->pin1) < 0 ||
	    unpack_string(TAG_PIN2, pp, &len, p->pin2) < 0 ||
	    unpack_blob(TAG_RESET_WIRE_DATA, pp, &len, &p->reset_wire_data) < 0 ||
	    unpack_blob(TAG_INFO_WIRE_DATA, pp, &len, &p->info_wire_data) < 0 ||
	    unpack_blob(TAG_SET_PIN_WIRE_DATA, pp, &len, &p->set_pin_wire_data) < 0 ||
	    unpack_blob(TAG_CHANGE_PIN_WIRE_DATA, pp, &len, &p->change_pin_wire_data) < 0 ||
	    unpack_blob(TAG_RETRY_WIRE_DATA, pp, &len, &p->retry_wire_data) < 0 ||
	    unpack_int(TAG_SEED, pp, &len, &p->seed) < 0)
		return (-1);

	return (0);
}

static size_t
pack(uint8_t *ptr, size_t len, const struct param *p)
{
	const size_t max = len;

	if (pack_string(TAG_PIN1, &ptr, &len, p->pin1) < 0 ||
	    pack_string(TAG_PIN2, &ptr, &len, p->pin2) < 0 ||
	    pack_blob(TAG_RESET_WIRE_DATA, &ptr, &len, &p->reset_wire_data) < 0 ||
	    pack_blob(TAG_INFO_WIRE_DATA, &ptr, &len, &p->info_wire_data) < 0 ||
	    pack_blob(TAG_SET_PIN_WIRE_DATA, &ptr, &len, &p->set_pin_wire_data) < 0 ||
	    pack_blob(TAG_CHANGE_PIN_WIRE_DATA, &ptr, &len, &p->change_pin_wire_data) < 0 ||
	    pack_blob(TAG_RETRY_WIRE_DATA, &ptr, &len, &p->retry_wire_data) < 0 ||
	    pack_int(TAG_SEED, &ptr, &len, p->seed) < 0)
		return (0);

	return (max - len);
}

static fido_dev_t *
prepare_dev()
{
	fido_dev_t	*dev;
	fido_dev_io_t	 io;

	io.open = dev_open;
	io.close = dev_close;
	io.read = dev_read;
	io.write = dev_write;

	if ((dev = fido_dev_new()) == NULL || fido_dev_set_io_functions(dev,
	    &io) != FIDO_OK || fido_dev_open(dev, "nodev") != FIDO_OK) {
		fido_dev_free(&dev);
		return (NULL);
	}

	return (dev);
}

static void
dev_reset(struct param *p)
{
	fido_dev_t *dev;

	set_wire_data(p->reset_wire_data.body, p->reset_wire_data.len);

	if ((dev = prepare_dev()) == NULL) {
		return;
	}

	fido_dev_reset(dev);
	fido_dev_close(dev);
	fido_dev_free(&dev);
}

static void
dev_get_cbor_info(struct param *p)
{
	fido_dev_t *dev;
	fido_cbor_info_t *ci;
	uint64_t n;
	uint8_t proto;
	uint8_t major;
	uint8_t minor;
	uint8_t build;
	uint8_t flags;

	set_wire_data(p->info_wire_data.body, p->info_wire_data.len);

	if ((dev = prepare_dev()) == NULL) {
		return;
	}

	proto = fido_dev_protocol(dev);
	major = fido_dev_major(dev);
	minor = fido_dev_minor(dev);
	build = fido_dev_build(dev);
	flags = fido_dev_flags(dev);

	consume(&proto, sizeof(proto));
	consume(&major, sizeof(major));
	consume(&minor, sizeof(minor));
	consume(&build, sizeof(build));
	consume(&flags, sizeof(flags));

	if ((ci = fido_cbor_info_new()) == NULL) {
		fido_dev_close(dev);
		fido_dev_free(&dev);
		return;
	}

	fido_dev_get_cbor_info(dev, ci);
	fido_dev_close(dev);
	fido_dev_free(&dev);

	for (size_t i = 0; i < fido_cbor_info_versions_len(ci); i++) {
		char * const *sa = fido_cbor_info_versions_ptr(ci);
		consume(sa[i], strlen(sa[i]));
	}
	for (size_t i = 0; i < fido_cbor_info_extensions_len(ci); i++) {
		char * const *sa = fido_cbor_info_extensions_ptr(ci);
		consume(sa[i], strlen(sa[i]));
	}

	for (size_t i = 0; i < fido_cbor_info_options_len(ci); i++) {
		char * const *sa = fido_cbor_info_options_name_ptr(ci);
		const bool *va = fido_cbor_info_options_value_ptr(ci);
		consume(sa[i], strlen(sa[i]));
		consume(&va[i], sizeof(va[i]));
	}

	n = fido_cbor_info_maxmsgsiz(ci);
	consume(&n, sizeof(n));

	consume(fido_cbor_info_aaguid_ptr(ci), fido_cbor_info_aaguid_len(ci));
	consume(fido_cbor_info_protocols_ptr(ci),
	    fido_cbor_info_protocols_len(ci));

	fido_cbor_info_free(&ci);
}

static void
dev_set_pin(struct param *p)
{
	fido_dev_t *dev;

	set_wire_data(p->set_pin_wire_data.body, p->set_pin_wire_data.len);

	if ((dev = prepare_dev()) == NULL) {
		return;
	}

	fido_dev_set_pin(dev, p->pin1, NULL);
	fido_dev_close(dev);
	fido_dev_free(&dev);
}

static void
dev_change_pin(struct param *p)
{
	fido_dev_t *dev;

	set_wire_data(p->change_pin_wire_data.body, p->change_pin_wire_data.len);

	if ((dev = prepare_dev()) == NULL) {
		return;
	}

	fido_dev_set_pin(dev, p->pin2, p->pin1);
	fido_dev_close(dev);
	fido_dev_free(&dev);
}

static void
dev_get_retry_count(struct param *p)
{
	fido_dev_t *dev;
	int n;

	set_wire_data(p->retry_wire_data.body, p->retry_wire_data.len);

	if ((dev = prepare_dev()) == NULL) {
		return;
	}

	fido_dev_get_retry_count(dev, &n);
	consume(&n, sizeof(n));
	fido_dev_close(dev);
	fido_dev_free(&dev);
}

int
LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
	struct param p;

	memset(&p, 0, sizeof(p));

	if (unpack(data, size, &p) < 0)
		return (0);

	srandom((unsigned int)p.seed);

	fido_init(0);

	dev_reset(&p);
	dev_get_cbor_info(&p);
	dev_set_pin(&p);
	dev_change_pin(&p);
	dev_get_retry_count(&p);

	return (0);
}

static size_t
pack_dummy(uint8_t *ptr, size_t len)
{
	struct param	dummy;
	uint8_t		blob[16384];
	size_t		blob_len;

	memset(&dummy, 0, sizeof(dummy));

	strlcpy(dummy.pin1, dummy_pin1, sizeof(dummy.pin1));
	strlcpy(dummy.pin2, dummy_pin2, sizeof(dummy.pin2));

	dummy.reset_wire_data.len = sizeof(dummy_reset_wire_data);
	dummy.info_wire_data.len = sizeof(dummy_info_wire_data);
	dummy.set_pin_wire_data.len = sizeof(dummy_set_pin_wire_data);
	dummy.change_pin_wire_data.len = sizeof(dummy_change_pin_wire_data);
	dummy.retry_wire_data.len = sizeof(dummy_retry_wire_data);

	memcpy(&dummy.reset_wire_data.body, &dummy_reset_wire_data,
	    dummy.reset_wire_data.len);
	memcpy(&dummy.info_wire_data.body, &dummy_info_wire_data,
	    dummy.info_wire_data.len);
	memcpy(&dummy.set_pin_wire_data.body, &dummy_set_pin_wire_data,
	    dummy.set_pin_wire_data.len);
	memcpy(&dummy.change_pin_wire_data.body, &dummy_change_pin_wire_data,
	    dummy.change_pin_wire_data.len);
	memcpy(&dummy.retry_wire_data.body, &dummy_retry_wire_data,
	    dummy.retry_wire_data.len);

	blob_len = pack(blob, sizeof(blob), &dummy);
	assert(blob_len != 0);

	if (blob_len > len) {
		memcpy(ptr, blob, len);
		return (len);
	}

	memcpy(ptr, blob, blob_len);

	return (blob_len);
}

size_t
LLVMFuzzerCustomMutator(uint8_t *data, size_t size, size_t maxsize,
    unsigned int seed)
{
	struct param	p;
	uint8_t		blob[16384];
	size_t		blob_len;

	memset(&p, 0, sizeof(p));

	if (unpack(data, size, &p) < 0)
		return (pack_dummy(data, maxsize));

	p.seed = (int)seed;

	mutate_string(p.pin1);
	mutate_string(p.pin2);

	mutate_blob(&p.reset_wire_data);
	mutate_blob(&p.info_wire_data);
	mutate_blob(&p.set_pin_wire_data);
	mutate_blob(&p.change_pin_wire_data);
	mutate_blob(&p.retry_wire_data);

	blob_len = pack(blob, sizeof(blob), &p);

	if (blob_len == 0 || blob_len > maxsize)
		return (0);

	memcpy(data, blob, blob_len);

	return (blob_len);
}