/src/tpm2/fuzz/execute-command.cc
Line | Count | Source |
1 | | /* Copyright 2016 The Chromium Authors. All rights reserved. |
2 | | * Use of this source code is governed by a BSD-style license that can be |
3 | | * found in the LICENSE file. */ |
4 | | |
5 | | #include <assert.h> |
6 | | #include <stddef.h> |
7 | | #include <stdint.h> |
8 | | |
9 | | extern "C" { |
10 | | #include "Capabilities.h" |
11 | | #include "Implementation.h" |
12 | | #include "tpm_types.h" |
13 | | #include "TpmBuildSwitches.h" |
14 | | #include "ExecCommand_fp.h" |
15 | | #include "Manufacture_fp.h" |
16 | | #include "Platform.h" |
17 | | #include "Startup_fp.h" |
18 | | #include "_TPM_Init_fp.h" |
19 | | } |
20 | | |
/*
 * Pre-marshalled TPM2_Startup request, sent before every fuzzed command.
 * Field values follow the TPM 2.0 command header layout (big-endian).
 */
const uint8_t STARTUP[] = {
  0x80, 0x01,              /* tag: TPM_ST_NO_SESSIONS */
  0x00, 0x00, 0x00, 0x0c,  /* commandSize: 12 bytes, the whole array */
  0x00, 0x00, 0x01, 0x44,  /* commandCode: TPM_CC_Startup */
  0x00, 0x00               /* startupType: TPM_SU_CLEAR */
};
24 | | |
25 | | |
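/*
 * libFuzzer entry point: brings up a freshly manufactured TPM, issues a fixed
 * TPM2_Startup, then feeds the fuzzer-supplied bytes to ExecuteCommand() as a
 * raw command buffer.
 *
 * The whole power-on / manufacture / init sequence is repeated on every call.
 * The response buffer and size are never inspected, so only a crash or a
 * sanitizer report raised inside the TPM code surfaces as a finding.
 *
 * data: fuzzer-owned input bytes, passed through as the command.
 * size: number of bytes in data.
 * Returns 0 always.
 */
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  /* Initialized so that nothing here ever holds an indeterminate value. */
  uint8_t *response = NULL;
  unsigned response_size = 0;

  /* Initialize TPM state. */
  _plat__Signal_PowerOn();
  _plat__NVEnable(NULL);
  /*
   * TPM_Manufacture() must not sit inside assert(): with NDEBUG defined the
   * whole expression is compiled out, the TPM is never manufactured, and the
   * harness would fuzz an uninitialized device without any failure signal.
   * Trap explicitly so a failed setup stops the run in every build mode.
   */
  if (TPM_Manufacture(1) != 0) {
    __builtin_trap();
  }
  _plat__NVDisable();
  _TPM_Init();
  _plat__SetNvAvail();
  _plat__Signal_PhysicalPresenceOn();

  /*
   * Issue the TPM2_Startup command.
   * NOTE(review): the cast drops const from STARTUP, presumably because
   * ExecuteCommand() takes a non-const request pointer. If the command path
   * ever writes through that pointer it writes into a const object; confirm
   * the request is treated as read-only.
   */
  ::ExecuteCommand(sizeof(STARTUP), (uint8_t *) STARTUP,
                   &response_size, &response);

  /*
   * Issue fuzzed command.
   * NOTE(review): the same const cast applies to the fuzzer's input buffer,
   * which the fuzz target is expected not to modify. size is a size_t and is
   * presumably narrowed to the request-size parameter type of
   * ExecuteCommand(); confirm against ExecCommand_fp.h that an oversized
   * input cannot be seen as a shorter length than the buffer really has.
   */
  ::ExecuteCommand(size, (uint8_t *) data, &response_size, &response);
  return 0;  /* Non-zero return values are reserved for future use. */
}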