Coverage Report

Created: 2026-06-08 06:46

next uncovered line (L), next uncovered region (R), next uncovered branch (B)
/src/spdm-rs/fuzz-target/requester/challenge_req/src/main.rs
Line
Count
Source
1
// Copyright (c) 2020 Intel Corporation
2
//
3
// SPDX-License-Identifier: Apache-2.0 or MIT
4
5
use fuzzlib::*;
6
use spdmlib::protocol::*;
7
use spin::Mutex;
8
extern crate alloc;
9
use alloc::sync::Arc;
10
11
32
async fn fuzz_send_receive_spdm_challenge(fuzzdata: Arc<Vec<u8>>) {
12
0
    let (req_config_info, req_provision_info) = req_create_info();
13
14
0
    let shared_buffer = SharedBuffer::new();
15
0
    let pcidoe_transport_encap = Arc::new(Mutex::new(PciDoeTransportEncap {}));
16
17
0
    spdmlib::secret::asym_sign::register(SECRET_ASYM_IMPL_INSTANCE.clone());
18
0
    spdmlib::secret::pqc_asym_sign::register(SECRET_PQC_ASYM_IMPL_INSTANCE.clone());
19
0
    spdmlib::secret::measurement::register(SECRET_MEASUREMENT_IMPL_INSTANCE.clone());
20
0
    spdmlib::crypto::rand::register(FAKE_RAND.clone());
21
22
0
    let mut device_io_requester = fake_device_io::FakeSpdmDeviceIo::new(Arc::new(shared_buffer));
23
0
    device_io_requester.set_rx(&fuzzdata);
24
0
    let device_io_requester = Arc::new(Mutex::new(device_io_requester));
25
26
0
    let mut requester = requester::RequesterContext::new(
27
0
        device_io_requester,
28
0
        pcidoe_transport_encap,
29
0
        req_config_info,
30
0
        req_provision_info,
31
    );
32
0
    requester.common.reset_runtime_info();
33
34
0
    requester
35
0
        .common
36
0
        .negotiate_info
37
0
        .measurement_specification_sel = SpdmMeasurementSpecification::DMTF;
38
39
0
    requester.common.negotiate_info.spdm_version_sel = SpdmVersion::SpdmVersion12;
40
0
    requester.common.negotiate_info.measurement_hash_sel = SpdmMeasurementHashAlgo::TPM_ALG_SHA_384;
41
0
    requester.common.negotiate_info.base_hash_sel = SpdmBaseHashAlgo::TPM_ALG_SHA_384;
42
0
    requester.common.negotiate_info.base_asym_sel = SpdmBaseAsymAlgo::TPM_ALG_ECDSA_ECC_NIST_P384;
43
0
    requester.common.peer_info.peer_cert_chain[0] = Some(get_rsp_cert_chain_buff());
44
45
0
    let _ = requester
46
0
        .send_receive_spdm_challenge(
47
            0,
48
0
            SpdmMeasurementSummaryHashType::SpdmMeasurementSummaryHashTypeNone,
49
0
            Some(SpdmChallengeContextStruct::default()),
50
        )
51
0
        .await
52
0
        .is_err();
53
0
}
54
55
#[cfg(not(feature = "use_libfuzzer"))]
56
fn main() {
57
    #[cfg(all(feature = "fuzzlogfile", feature = "fuzz"))]
58
    flexi_logger::Logger::try_with_str("info")
59
        .unwrap()
60
        .log_to_file(
61
            FileSpec::default()
62
                .directory("traces")
63
                .basename("foo")
64
                .discriminant("Sample4711A")
65
                .suffix("trc"),
66
        )
67
        .print_message()
68
        .create_symlink("current_run")
69
        .start()
70
        .unwrap();
71
72
    #[cfg(not(feature = "fuzz"))]
73
    {
74
        let args: Vec<String> = std::env::args().collect();
75
        if args.len() < 2 {
76
            // Here you can replace the single-step debugging value in the fuzzdata array.
77
            let fuzzdata = vec![
78
                0x1, 0x0, 0x1, 0x0, 0x30, 0x0, 0x0, 0x0, 0x11, 0x3, 0x0, 0x1, 0x28, 0xaf, 0x70,
79
                0x27, 0xbc, 0x2d, 0x95, 0xb5, 0xa0, 0xe4, 0x26, 0x4, 0xc5, 0x8c, 0x5c, 0x3c, 0xbf,
80
                0xa2, 0xc8, 0x24, 0xa6, 0x30, 0xca, 0x2f, 0xf, 0x4a, 0x79, 0x35, 0x57, 0xfb, 0x39,
81
                0x3b, 0xdd, 0x8a, 0xc8, 0x8a, 0x92, 0xd8, 0xa3, 0x70, 0x17, 0x12, 0x83, 0x9b, 0x66,
82
                0xe1, 0x3a, 0x3a, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
83
                0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
84
                0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x0, 0x0, 0x3, 0x76, 0xd, 0x57, 0x9b,
85
                0xaf, 0xe9, 0x6f, 0xc2, 0x5c, 0x2f, 0x3a, 0xfb, 0x81, 0xb, 0x4f, 0xa4, 0x5a, 0x65,
86
                0x4a, 0xc8, 0x64, 0x38, 0x91, 0xb1, 0x89, 0x8d, 0x42, 0xe9, 0xff, 0x55, 0xb, 0xfd,
87
                0xb1, 0xe1, 0x3c, 0x19, 0x1f, 0x1e, 0x8, 0xa2, 0x78, 0xd, 0xf3, 0x6, 0x6a, 0xfa,
88
                0xe, 0xee, 0xde, 0x27, 0x9, 0xb3, 0x20, 0xa1, 0xf5, 0x8d, 0x6e, 0xfc, 0x8a, 0x30,
89
                0x91, 0x5, 0x80, 0xae, 0x89, 0xb4, 0xee, 0x38, 0xcc, 0x92, 0x8e, 0x5e, 0x5b, 0x25,
90
                0x10, 0xdb, 0xd8, 0x32, 0x11, 0xd7, 0xf8, 0x23, 0x76, 0x49, 0x3d, 0x96, 0x7e, 0xb3,
91
                0x22, 0x4c, 0x5d, 0x50, 0x79, 0x71, 0x98, 0x0, 0x0,
92
            ];
93
            executor::block_on(fuzz_send_receive_spdm_challenge(Arc::new(fuzzdata)));
94
        } else {
95
            let path = &args[1];
96
            let data = std::fs::read(path).expect("read crash file fail");
97
            executor::block_on(fuzz_send_receive_spdm_challenge(Arc::new(data)));
98
        }
99
    }
100
    #[cfg(feature = "fuzz")]
101
    afl::fuzz!(|data: &[u8]| {
102
        executor::block_on(fuzz_send_receive_spdm_challenge(Arc::new(data.to_vec())));
103
    });
104
}