/src/libtpms/tests/fuzz.cc

Source
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <assert.h>

#include <libtpms/tpm_types.h>
#include <libtpms/tpm_library.h>
#include <libtpms/tpm_error.h>
#include <libtpms/tpm_memory.h>
#include <libtpms/tpm_nvfilename.h>


static void die(const char *msg)
{
    fprintf(stderr, "%s", msg);
    assert(false);
}

static TPM_RESULT mytpm_io_init(void)
{
    return TPM_SUCCESS;
}

static TPM_RESULT mytpm_io_getlocality(TPM_MODIFIER_INDICATOR *locModif,
                                       uint32_t tpm_number)
{
    *locModif = 0;

    return TPM_SUCCESS;
}

static TPM_RESULT mytpm_io_getphysicalpresence(TPM_BOOL *phyPres,
                                               uint32_t tpm_number)
{
    *phyPres = FALSE;

    return TPM_SUCCESS;
}

static unsigned char *permall;
static uint32_t permall_length;

static TPM_RESULT mytpm_nvram_loaddata(unsigned char **data,
                                       uint32_t *length,
                                       uint32_t tpm_number,
                                       const char *name)
{
    if (!strcmp(name, TPM_PERMANENT_ALL_NAME)) {
        if (permall) {
            *data = NULL;
            assert(TPM_Malloc(data, permall_length) == TPM_SUCCESS);
            memcpy(*data, permall, permall_length);
            *length = permall_length;
            return TPM_SUCCESS;
        }
    }
    return TPM_RETRY;
}

static TPM_RESULT mytpm_nvram_storedata(const unsigned char *data,
                                        uint32_t length,
                                        uint32_t tpm_number,
                                        const char *name)
{
    if (!strcmp(name, TPM_PERMANENT_ALL_NAME)) {
        free(permall);
        permall = NULL;
        assert(TPM_Malloc(&permall, length) == TPM_SUCCESS);
        memcpy(permall, data, length);
        permall_length = length;
    }
    return TPM_SUCCESS;
}

extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
{
    unsigned char *rbuffer = NULL;
    uint32_t rlength;
    uint32_t rtotal = 0;
    TPM_RESULT res;
    unsigned char *vol_buffer = NULL;
    uint32_t vol_buffer_len;
    unsigned char *perm_buffer = NULL;
    uint32_t perm_buffer_len;
    unsigned char startup[] = {
        0x80, 0x01, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x01, 0x44, 0x00, 0x00
    };
    struct libtpms_callbacks cbs = {
        .sizeOfStruct               = sizeof(struct libtpms_callbacks),
        .tpm_nvram_init             = NULL,
        .tpm_nvram_loaddata         = mytpm_nvram_loaddata,
        .tpm_nvram_storedata        = mytpm_nvram_storedata,
        .tpm_nvram_deletename       = NULL,
        .tpm_io_init                = mytpm_io_init,
        .tpm_io_getlocality         = mytpm_io_getlocality,
        .tpm_io_getphysicalpresence = mytpm_io_getphysicalpresence,
    };
    res = TPMLIB_RegisterCallbacks(&cbs);
    if (res != TPM_SUCCESS)
        die("Could not register callbacks\n");

    res = TPMLIB_ChooseTPMVersion(TPMLIB_TPM_VERSION_2);
    if (res != TPM_SUCCESS)
        die("Could not choose the TPM version\n");

    res = TPMLIB_MainInit();
    if (res != TPM_SUCCESS)
        die("Error: TPMLIB_MainInit() failed\n");

    res = TPMLIB_Process(&rbuffer, &rlength, &rtotal, startup, sizeof(startup));
    if (res != TPM_SUCCESS)
        die("Error: TPMLIB_Process(Startup) failed\n");

    res = TPMLIB_Process(&rbuffer, &rlength, &rtotal, (unsigned char*)data, size);
    if (res != TPM_SUCCESS)
        die("Error: TPMLIB_Process(fuzz-command) failed\n");

    /* state suspend */
    res = TPMLIB_GetState(TPMLIB_STATE_VOLATILE, &vol_buffer, &vol_buffer_len);
    if (res != TPM_SUCCESS)
        die("Error: TPMLIB_GetState(TPMLIB_STATE_VOLATILE) failed\n");

    res = TPMLIB_GetState(TPMLIB_STATE_PERMANENT, &perm_buffer, &perm_buffer_len);
    if (res != TPM_SUCCESS)
        die("Error: TPMLIB_GetState(TPMLIB_STATE_PERMANENT) failed\n");

    TPMLIB_Terminate();

    /* state resume */
    res = TPMLIB_SetState(TPMLIB_STATE_PERMANENT, perm_buffer, perm_buffer_len);
    if (res != TPM_SUCCESS)
        die("Error: TPMLIB_SetState(TPMLIB_STATE_PERMANENT) failed\n");

    res = TPMLIB_SetState(TPMLIB_STATE_VOLATILE, vol_buffer, vol_buffer_len);
    if (res != TPM_SUCCESS)
        die("Error: TPMLIB_SetState(TPMLIB_STATE_VOLATILE) failed\n");

    res = TPMLIB_MainInit();
    if (res != TPM_SUCCESS)
        die("Error: TPMLIB_MainInit() to resume with the state failed\n");

    TPMLIB_Terminate();
    TPM_Free(rbuffer);
    TPM_Free(vol_buffer);
    TPM_Free(perm_buffer);
    TPM_Free(permall);
    permall = NULL;

    return 0;
}

Line	Count	Source
1		#include <stdlib.h>
2		#include <stdio.h>
3		#include <string.h>
4		#include <unistd.h>
5		#include <assert.h>
6
7		#include <libtpms/tpm_types.h>
8		#include <libtpms/tpm_library.h>
9		#include <libtpms/tpm_error.h>
10		#include <libtpms/tpm_memory.h>
11		#include <libtpms/tpm_nvfilename.h>
12
13
14		static void die(const char *msg)
15	0	{
16	0	fprintf(stderr, "%s", msg);
17	0	assert(false);
18	0	}
19
20		static TPM_RESULT mytpm_io_init(void)
21	12.0k	{
22	12.0k	return TPM_SUCCESS;
23	12.0k	}
24
25		static TPM_RESULT mytpm_io_getlocality(TPM_MODIFIER_INDICATOR *locModif,
26		uint32_t tpm_number)
27	12.0k	{
28	12.0k	*locModif = 0;
29
30	12.0k	return TPM_SUCCESS;
31	12.0k	}
32
33		static TPM_RESULT mytpm_io_getphysicalpresence(TPM_BOOL *phyPres,
34		uint32_t tpm_number)
35	1	{
36	1	*phyPres = FALSE;
37
38	1	return TPM_SUCCESS;
39	1	}
40
41		static unsigned char *permall;
42		static uint32_t permall_length;
43
44		static TPM_RESULT mytpm_nvram_loaddata(unsigned char **data,
45		uint32_t *length,
46		uint32_t tpm_number,
47		const char *name)
48	30.0k	{
49	30.0k	if (!strcmp(name, TPM_PERMANENT_ALL_NAME)) {
50	24.0k	if (permall) {
51	12.0k	*data = NULL;
52	12.0k	assert(TPM_Malloc(data, permall_length) == TPM_SUCCESS);
53	12.0k	memcpy(*data, permall, permall_length);
54	12.0k	*length = permall_length;
55	12.0k	return TPM_SUCCESS;
56	12.0k	}
57	24.0k	}
58	18.0k	return TPM_RETRY;
59	30.0k	}
60
61		static TPM_RESULT mytpm_nvram_storedata(const unsigned char *data,
62		uint32_t length,
63		uint32_t tpm_number,
64		const char *name)
65	18.2k	{
66	18.2k	if (!strcmp(name, TPM_PERMANENT_ALL_NAME)) {
67	18.2k	free(permall);
68	18.2k	permall = NULL;
69	18.2k	assert(TPM_Malloc(&permall, length) == TPM_SUCCESS);
70	18.2k	memcpy(permall, data, length);
71	18.2k	permall_length = length;
72	18.2k	}
73	18.2k	return TPM_SUCCESS;
74	18.2k	}
75
76		extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
77	6.01k	{
78	6.01k	unsigned char *rbuffer = NULL;
79	6.01k	uint32_t rlength;
80	6.01k	uint32_t rtotal = 0;
81	6.01k	TPM_RESULT res;
82	6.01k	unsigned char *vol_buffer = NULL;
83	6.01k	uint32_t vol_buffer_len;
84	6.01k	unsigned char *perm_buffer = NULL;
85	6.01k	uint32_t perm_buffer_len;
86	6.01k	unsigned char startup[] = {
87	6.01k	0x80, 0x01, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x01, 0x44, 0x00, 0x00
88	6.01k	};
89	6.01k	struct libtpms_callbacks cbs = {
90	6.01k	.sizeOfStruct = sizeof(struct libtpms_callbacks),
91	6.01k	.tpm_nvram_init = NULL,
92	6.01k	.tpm_nvram_loaddata = mytpm_nvram_loaddata,
93	6.01k	.tpm_nvram_storedata = mytpm_nvram_storedata,
94	6.01k	.tpm_nvram_deletename = NULL,
95	6.01k	.tpm_io_init = mytpm_io_init,
96	6.01k	.tpm_io_getlocality = mytpm_io_getlocality,
97	6.01k	.tpm_io_getphysicalpresence = mytpm_io_getphysicalpresence,
98	6.01k	};
99	6.01k	res = TPMLIB_RegisterCallbacks(&cbs);
100	6.01k	if (res != TPM_SUCCESS)
101	0	die("Could not register callbacks\n");
102
103	6.01k	res = TPMLIB_ChooseTPMVersion(TPMLIB_TPM_VERSION_2);
104	6.01k	if (res != TPM_SUCCESS)
105	0	die("Could not choose the TPM version\n");
106
107	6.01k	res = TPMLIB_MainInit();
108	6.01k	if (res != TPM_SUCCESS)
109	0	die("Error: TPMLIB_MainInit() failed\n");
110
111	6.01k	res = TPMLIB_Process(&rbuffer, &rlength, &rtotal, startup, sizeof(startup));
112	6.01k	if (res != TPM_SUCCESS)
113	0	die("Error: TPMLIB_Process(Startup) failed\n");
114
115	6.01k	res = TPMLIB_Process(&rbuffer, &rlength, &rtotal, (unsigned char*)data, size);
116	6.01k	if (res != TPM_SUCCESS)
117	0	die("Error: TPMLIB_Process(fuzz-command) failed\n");
118
119		/* state suspend */
120	6.01k	res = TPMLIB_GetState(TPMLIB_STATE_VOLATILE, &vol_buffer, &vol_buffer_len);
121	6.01k	if (res != TPM_SUCCESS)
122	0	die("Error: TPMLIB_GetState(TPMLIB_STATE_VOLATILE) failed\n");
123
124	6.01k	res = TPMLIB_GetState(TPMLIB_STATE_PERMANENT, &perm_buffer, &perm_buffer_len);
125	6.01k	if (res != TPM_SUCCESS)
126	0	die("Error: TPMLIB_GetState(TPMLIB_STATE_PERMANENT) failed\n");
127
128	6.01k	TPMLIB_Terminate();
129
130		/* state resume */
131	6.01k	res = TPMLIB_SetState(TPMLIB_STATE_PERMANENT, perm_buffer, perm_buffer_len);
132	6.01k	if (res != TPM_SUCCESS)
133	0	die("Error: TPMLIB_SetState(TPMLIB_STATE_PERMANENT) failed\n");
134
135	6.01k	res = TPMLIB_SetState(TPMLIB_STATE_VOLATILE, vol_buffer, vol_buffer_len);
136	6.01k	if (res != TPM_SUCCESS)
137	0	die("Error: TPMLIB_SetState(TPMLIB_STATE_VOLATILE) failed\n");
138
139	6.01k	res = TPMLIB_MainInit();
140	6.01k	if (res != TPM_SUCCESS)
141	0	die("Error: TPMLIB_MainInit() to resume with the state failed\n");
142
143	6.01k	TPMLIB_Terminate();
144	6.01k	TPM_Free(rbuffer);
145	6.01k	TPM_Free(vol_buffer);
146	6.01k	TPM_Free(perm_buffer);
147	6.01k	TPM_Free(permall);
148	6.01k	permall = NULL;
149
150	6.01k	return 0;
151	6.01k	}

Coverage Report

Created: 2026-02-14 06:19