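/* Copyright 2016 The Chromium Authors. All rights reserved.
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file. */

#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

extern "C" {
#include "Capabilities.h"
#include "Implementation.h"
#include "tpm_types.h"
#include "TpmBuildSwitches.h"
#include "ExecCommand_fp.h"
#include "Manufacture_fp.h"
#include "Platform.h"
#include "Startup_fp.h"
#include "_TPM_Init_fp.h"
}

/* Fixed TPM2_Startup command sent ahead of every fuzz input:
 * tag 0x8001 (TPM_ST_NO_SESSIONS), commandSize 0x0000000c (12 bytes),
 * commandCode 0x00000144 (TPM_CC_Startup), startupType 0x0000 (TPM_SU_CLEAR). */
const uint8_t STARTUP[] = {
  0x80, 0x01, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x01, 0x44, 0x00, 0x00
};


/*
 * libFuzzer entry point.
 *
 * Brings the simulated TPM up from power-on, issues TPM2_Startup, then hands
 * the fuzzer-supplied bytes to ExecuteCommand() as one raw command buffer.
 *
 * data: fuzzer-generated command bytes (may be empty or malformed).
 * size: number of bytes at data.
 *
 * Always returns 0; a failed manufacture step aborts the process so the
 * fuzzer reports it instead of fuzzing a half-initialized TPM.
 */
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  uint8_t *response;
  unsigned response_size;

  /* Initialize TPM state. */
  _plat__Signal_PowerOn();
  _plat__NVEnable(NULL);
  /* Keep the call outside assert(): with NDEBUG defined an assert() argument
   * is never evaluated, so the manufacture step would be skipped silently and
   * every later command would run against unmanufactured state. */
  if (TPM_Manufacture(1) != 0) {
    abort();
  }
  _plat__NVDisable();
  _TPM_Init();
  _plat__SetNvAvail();
  _plat__Signal_PhysicalPresenceOn();

  /* Issue the TPM2_Startup command. */
  /* NOTE(review): the const_casts below assume ExecuteCommand() only reads
   * the request buffer. STARTUP is a const object and libFuzzer treats data
   * as read-only, so confirm this or pass mutable copies instead. */
  ::ExecuteCommand(sizeof(STARTUP), const_cast<uint8_t *>(STARTUP),
                   &response_size, &response);

  /* Issue fuzzed command. */
  ::ExecuteCommand(size, const_cast<uint8_t *>(data),
                   &response_size, &response);
  return 0;  /* Non-zero return values are reserved for future use. */
}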