1 /* Copyright 2016 The Chromium Authors. All rights reserved.
2 * Use of this source code is governed by a BSD-style license that can be
3 * found in the LICENSE file. */
4
5 #include <assert.h>
6 #include <stddef.h>
7 #include <stdint.h>
8
9 extern "C" {
10 #include "Capabilities.h"
11 #include "Implementation.h"
12 #include "tpm_types.h"
13 #include "TpmBuildSwitches.h"
14 #include "ExecCommand_fp.h"
15 #include "Manufacture_fp.h"
16 #include "Platform.h"
17 #include "Startup_fp.h"
18 #include "_TPM_Init_fp.h"
19 }
20
/*
 * Canned TPM2_Startup request. The fuzz target in this file sends it ahead of
 * every fuzzed command. Fields are big-endian and listed one per line.
 */
const uint8_t STARTUP[] = {
    0x80, 0x01,              /* tag: TPM_ST_NO_SESSIONS */
    0x00, 0x00, 0x00, 0x0c,  /* commandSize: 12 bytes, i.e. this whole array */
    0x00, 0x00, 0x01, 0x44,  /* commandCode: TPM_CC_Startup */
    0x00, 0x00,              /* startupType: TPM_SU_CLEAR */
};
24
25
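/*
 * libFuzzer entry point. For every input it re-runs the power-on,
 * manufacture and init sequence, issues the canned TPM2_Startup request, and
 * then hands the fuzzer bytes to the command dispatcher as one raw command.
 *
 * data, size: fuzzer-supplied buffer, passed to ExecuteCommand as-is.
 * Returns 0 for every input.
 */
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  /* Outputs of ExecuteCommand; this target never reads them back. */
  uint8_t *response;
  unsigned response_size;

  /* Initialize TPM state. */
  _plat__Signal_PowerOn();
  _plat__NVEnable(NULL);
  /*
   * TPM_Manufacture() must run outside assert(): with NDEBUG defined the
   * assert expression is compiled out, and a call placed inside it would be
   * skipped, leaving the fuzzer to exercise a TPM that was never manufactured.
   */
  const int manufacture_result = TPM_Manufacture(1);
  assert(manufacture_result == 0);
  (void) manufacture_result; /* Only read by assert(); unused under NDEBUG. */
  _plat__NVDisable();
  _TPM_Init();
  _plat__SetNvAvail();
  _plat__Signal_PhysicalPresenceOn();

  /*
   * Issue the TPM2_Startup command.
   * NOTE(review): the request parameter is non-const, hence the const_cast.
   * STARTUP is a const array and libFuzzer requires that `data` is not
   * modified, so confirm ExecuteCommand never writes through the request
   * pointer.
   */
  ::ExecuteCommand(sizeof(STARTUP), const_cast<uint8_t *>(STARTUP),
                   &response_size, &response);

  /*
   * Issue fuzzed command.
   * NOTE(review): `size` is a size_t; presumably the request-size parameter is
   * narrower, so very large inputs would be truncated. Confirm against the
   * ExecuteCommand prototype, or bound the input length with -max_len.
   */
  ::ExecuteCommand(size, const_cast<uint8_t *>(data), &response_size,
                   &response);
  return 0; /* Non-zero return values are reserved for future use. */
}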
47