/src/spdm-rs/fuzz-target/responder/certificate_rsp/src/main.rs
Line | Count | Source |
1 | | // Copyright (c) 2020 Intel Corporation |
2 | | // |
3 | | // SPDX-License-Identifier: Apache-2.0 or MIT |
4 | | use fuzzlib::{ |
5 | | spdmlib::common::session::{SpdmSession, SpdmSessionState}, |
6 | | spdmlib::common::SpdmConnectionState, |
7 | | spdmlib::protocol::{SpdmBaseHashAlgo, SpdmVersion}, |
8 | | *, |
9 | | }; |
10 | | use spdmlib::protocol::*; |
11 | | use spin::Mutex; |
12 | | extern crate alloc; |
13 | | use alloc::sync::Arc; |
14 | | |
/// Feeds one fuzz input to the responder's certificate-request handler.
///
/// `data` is the raw, fuzzer-controlled message passed unmodified to
/// `ResponderContext::handle_spdm_certificate`. The same bytes are replayed
/// against two freshly built responders: first with no session, then with
/// session slot 0 marked as established. The handler's return value is
/// discarded in both scenarios; nothing here asserts on it.
///
/// NOTE(review): the coverage listing this function was taken from recorded
/// 37 hits on the signature line and 0 on every body line. Confirm that the
/// body really runs in the instrumented build (or that coverage of `async`
/// bodies is attributed correctly) before trusting this target's results.
async fn fuzz_handle_spdm_certificate(data: Arc<Vec<u8>>) {
    // Session id used for the in-session scenario (0xFFFD_FFFD). The value set
    // up on session slot 0 and the one handed to the handler must match.
    const SESSION_ID: u32 = 4294836221;

    spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone());
    spdmlib::secret::pqc_asym_sign::register(SECRET_PQC_ASYM_IMPL_INSTANCE.clone());

    // Builds a responder on top of the fake device I/O and the PCI DOE
    // encapsulation, then pins the negotiated version and hash and provisions
    // the certificate chain in slot 0 only. Each scenario gets its own
    // instance so state cannot leak from one handler call into the next.
    let provisioned_responder = || {
        let (config_info, provision_info) = rsp_create_info();
        let transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {}));
        let device_io = Arc::new(Mutex::new(FakeSpdmDeviceIoReceve::new(Arc::new(
            SharedBuffer::new(),
        ))));

        let mut ctx = responder::ResponderContext::new(
            device_io,
            transport_encap,
            config_info,
            provision_info,
        );

        let negotiated = &mut ctx.common.negotiate_info;
        negotiated.spdm_version_sel = SpdmVersion::SpdmVersion12;
        negotiated.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384;
        ctx.common.provision_info.my_cert_chain = [
            Some(get_rsp_cert_chain_buff()),
            None,
            None,
            None,
            None,
            None,
            None,
            None,
        ];
        ctx
    };

    // TCD:
    // - id: 0
    // - title: 'Fuzz SPDM handle certificate request'
    // - description: '<p>Responder send certificate response to requester.</p>'
    // -
    {
        let mut ctx = provisioned_responder();
        ctx.common
            .runtime_info
            .set_connection_state(SpdmConnectionState::SpdmConnectionNegotiated);

        let mut response_buffer = [0u8; spdmlib::config::MAX_SPDM_MSG_SIZE];
        let mut writer = codec::Writer::init(&mut response_buffer);
        // Outside any session: no session id is supplied.
        let _ = ctx.handle_spdm_certificate(&data, None, &mut writer);
    }

    // TCD:
    // - id: 0
    // - title: 'Fuzz SPDM handle certificate request'
    // - description: '<p>Responder send certificate response to requester in session.</p>'
    // -
    {
        let mut ctx = provisioned_responder();

        // Put session slot 0 into the established state with fixed algorithms.
        ctx.common.session[0] = SpdmSession::new();
        let session = &mut ctx.common.session[0];
        // The id is a constant, so a failure here is a harness bug rather than
        // something the fuzz input can trigger.
        session.setup(SESSION_ID).unwrap();
        session.set_session_state(SpdmSessionState::SpdmSessionEstablished);
        session.set_crypto_param(
            SpdmBaseHashAlgo::TPM_ALG_SHA_384,
            SpdmDheAlgo::SECP_384_R1,
            SpdmKemAlgo::empty(),
            SpdmAeadAlgo::AES_256_GCM,
            SpdmKeyScheduleAlgo::SPDM_KEY_SCHEDULE,
        );
        ctx.common
            .runtime_info
            .set_connection_state(SpdmConnectionState::SpdmConnectionNegotiated);

        let mut response_buffer = [0u8; spdmlib::config::MAX_SPDM_MSG_SIZE];
        let mut writer = codec::Writer::init(&mut response_buffer);
        // Same bytes, now handled in the context of the established session.
        let _ = ctx.handle_spdm_certificate(&data, Some(SESSION_ID), &mut writer);
    }
}
113 | | |
/// Entry point for every build except `use_libfuzzer`.
///
/// With the `fuzz` feature the input comes from the AFL macro. Without it the
/// binary replays a single input: the file named by the first command-line
/// argument, or the built-in sample when no argument is given.
#[cfg(not(feature = "use_libfuzzer"))]
fn main() {
    // File logging is compiled in only when both `fuzzlogfile` and `fuzz` are
    // enabled; log files go under `traces/`.
    #[cfg(all(feature = "fuzzlogfile", feature = "fuzz"))]
    flexi_logger::Logger::try_with_str("info")
        .unwrap()
        .log_to_file(
            FileSpec::default()
                .directory("traces")
                .basename("foo")
                .discriminant("Sample4711A")
                .suffix("trc"),
        )
        .print_message()
        .create_symlink("current_run")
        .start()
        .unwrap();

    #[cfg(not(feature = "fuzz"))]
    {
        let args: Vec<String> = std::env::args().collect();
        let input: Vec<u8> = match args.get(1) {
            // Replay mode: the first argument names a saved input (for example
            // a crash file); the process aborts if it cannot be read.
            Some(path) => std::fs::read(path).expect("read crash file fail"),
            // No argument: use the built-in sample. Edit these bytes to
            // single-step a specific message through the handler.
            None => vec![
                17, 227, 4, 0, 48, 0, 1, 0, 128, 0, 0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
                0, 0, 0, 0, 0, 0, 2, 32, 16, 0, 3, 32, 2, 0, 4, 32, 2, 0, 5, 32, 1, 0,
            ],
        };
        executor::block_on(fuzz_handle_spdm_certificate(Arc::new(input)));
    }
    // AFL mode: every input supplied by the fuzzer is copied and run to
    // completion through the harness.
    #[cfg(feature = "fuzz")]
    afl::fuzz!(|data: &[u8]| {
        executor::block_on(fuzz_handle_spdm_certificate(Arc::new(data.to_vec())));
    });
}