/* Copyright 2016 The Chromium Authors. All rights reserved. * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. */ #include <assert.h> #include <stddef.h> #include <stdint.h> extern "C" { #include "Capabilities.h" #include "Implementation.h" #include "tpm_types.h" #include "TpmBuildSwitches.h" #include "ExecCommand_fp.h" #include "Manufacture_fp.h" #include "Platform.h" #include "Startup_fp.h" #include "_TPM_Init_fp.h" } const uint8_t STARTUP[] = { 0x80, 0x01, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x01, 0x44, 0x00, 0x00 }; extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { uint8_t *response; unsigned response_size; /* Initialize TPM state. */ _plat__Signal_PowerOn(); _plat__NVEnable(NULL); assert(TPM_Manufacture(1) == 0); _plat__NVDisable(); _TPM_Init(); _plat__SetNvAvail(); _plat__Signal_PhysicalPresenceOn(); /* Issue the TPM2_Startup command. */ ::ExecuteCommand(sizeof(STARTUP), (uint8_t *) STARTUP, &response_size, &response); /* Issue fuzzed command. */ ::ExecuteCommand(size, (uint8_t *) data, &response_size, &response); return 0; /* Non-zero return values are reserved for future use. */ }