diff --git a/CMakeLists.txt b/CMakeLists.txt index b2253119786..5525792a9dc 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1000,6 +1000,8 @@ else() ADD_SUBDIRECTORY(unit_test/fuzzing/test_requester/test_spdm_requester_chunk_send) ADD_SUBDIRECTORY(unit_test/fuzzing/test_responder/test_spdm_responder_supported_event_types) ADD_SUBDIRECTORY(unit_test/fuzzing/test_requester/test_spdm_requester_get_event_types) + ADD_SUBDIRECTORY(unit_test/fuzzing/test_requester/test_spdm_requester_vendor_cmds) + ADD_SUBDIRECTORY(unit_test/fuzzing/test_responder/test_spdm_responder_vendor_cmds) endif() ADD_SUBDIRECTORY(os_stub/cryptlib_null) diff --git a/unit_test/fuzzing/fuzzing_AFL.sh b/unit_test/fuzzing/fuzzing_AFL.sh index b2d8eaa4076..a1436a79bfe 100755 --- a/unit_test/fuzzing/fuzzing_AFL.sh +++ b/unit_test/fuzzing/fuzzing_AFL.sh @@ -157,6 +157,8 @@ test_spdm_responder_chunk_send_ack test_spdm_requester_chunk_send test_spdm_responder_supported_event_types test_spdm_requester_get_event_types +test_spdm_requester_vendor_cmds +test_spdm_responder_vendor_cmds ) for ((i=0;i<${#cmds[*]};i++)) do diff --git a/unit_test/fuzzing/fuzzing_AFLTurbo.sh b/unit_test/fuzzing/fuzzing_AFLTurbo.sh index 43b55a058af..88bf17c28f8 100755 --- a/unit_test/fuzzing/fuzzing_AFLTurbo.sh +++ b/unit_test/fuzzing/fuzzing_AFLTurbo.sh @@ -158,6 +158,8 @@ test_spdm_responder_chunk_send_ack test_spdm_requester_chunk_send test_spdm_responder_supported_event_types test_spdm_requester_get_event_types +test_spdm_requester_vendor_cmds +test_spdm_responder_vendor_cmds ) export FUZZ_START_TIME=`date +%Y-%m-%d_%H:%M:%S` diff --git a/unit_test/fuzzing/fuzzing_AFLplusplus.sh b/unit_test/fuzzing/fuzzing_AFLplusplus.sh index 1218964ec9e..61f96d7473a 100644 --- a/unit_test/fuzzing/fuzzing_AFLplusplus.sh +++ b/unit_test/fuzzing/fuzzing_AFLplusplus.sh @@ -166,6 +166,8 @@ test_spdm_responder_chunk_send_ack test_spdm_requester_chunk_send test_spdm_responder_supported_event_types test_spdm_requester_get_event_types +test_spdm_requester_vendor_cmds +test_spdm_responder_vendor_cmds ) export FUZZ_START_TIME=`date +%Y-%m-%d_%H:%M:%S` diff --git a/unit_test/fuzzing/fuzzing_LibFuzzer.sh b/unit_test/fuzzing/fuzzing_LibFuzzer.sh index eaa1f9047c9..24e46c90ae8 100755 --- a/unit_test/fuzzing/fuzzing_LibFuzzer.sh +++ b/unit_test/fuzzing/fuzzing_LibFuzzer.sh @@ -128,6 +128,8 @@ test_spdm_responder_chunk_send_ack test_spdm_requester_chunk_send test_spdm_responder_supported_event_types test_spdm_requester_get_event_types +test_spdm_requester_vendor_cmds +test_spdm_responder_vendor_cmds ) object_parameters=() cp -r $fuzzing_seeds ./ diff --git a/unit_test/fuzzing/oss_fuzz.sh b/unit_test/fuzzing/oss_fuzz.sh index a4bfb7ba850..dba06942f0f 100755 --- a/unit_test/fuzzing/oss_fuzz.sh +++ b/unit_test/fuzzing/oss_fuzz.sh @@ -112,6 +112,8 @@ test_spdm_responder_heartbeat_ack test_spdm_responder_key_update test_spdm_responder_end_session test_spdm_responder_if_ready +test_spdm_requester_vendor_cmds +test_spdm_responder_vendor_cmds ) for ((i=0;i<${#cmds[*]};i++)) diff --git a/unit_test/fuzzing/run_initial_seed.sh b/unit_test/fuzzing/run_initial_seed.sh index b5cd57daa25..a867efdb009 100755 --- a/unit_test/fuzzing/run_initial_seed.sh +++ b/unit_test/fuzzing/run_initial_seed.sh @@ -49,6 +49,8 @@ test_spdm_responder_key_update test_spdm_responder_end_session test_spdm_responder_if_ready test_x509_certificate_check +test_spdm_requester_vendor_cmds +test_spdm_responder_vendor_cmds ) flag=0 diff --git a/unit_test/fuzzing/seeds/test_spdm_requester_vendor_cmds/rsp_vendor_cmds.raw b/unit_test/fuzzing/seeds/test_spdm_requester_vendor_cmds/rsp_vendor_cmds.raw new file mode 100644 index 00000000000..e3aac44c318 Binary files /dev/null and b/unit_test/fuzzing/seeds/test_spdm_requester_vendor_cmds/rsp_vendor_cmds.raw differ diff --git a/unit_test/fuzzing/seeds/test_spdm_responder_vendor_cmds/vendor_cmds.raw b/unit_test/fuzzing/seeds/test_spdm_responder_vendor_cmds/vendor_cmds.raw new file mode 100644 index 00000000000..0f537e0fb2c Binary files /dev/null and b/unit_test/fuzzing/seeds/test_spdm_responder_vendor_cmds/vendor_cmds.raw differ diff --git a/unit_test/fuzzing/test_requester/test_spdm_requester_vendor_cmds/CMakeLists.txt b/unit_test/fuzzing/test_requester/test_spdm_requester_vendor_cmds/CMakeLists.txt new file mode 100644 index 00000000000..957b47250c3 --- /dev/null +++ b/unit_test/fuzzing/test_requester/test_spdm_requester_vendor_cmds/CMakeLists.txt @@ -0,0 +1,63 @@ +cmake_minimum_required(VERSION 2.8.12) +INCLUDE_DIRECTORIES(${LIBSPDM_DIR}/unit_test/fuzzing/test_requester/test_spdm_requester_vendor_cmds + ${LIBSPDM_DIR}/include + ${LIBSPDM_DIR}/unit_test/include + ${LIBSPDM_DIR}/unit_test/cmockalib/cmocka/include + ${LIBSPDM_DIR}/unit_test/cmockalib/cmocka/include/cmockery + ${LIBSPDM_DIR}/unit_test/fuzzing/spdm_unit_fuzzing_common + ${LIBSPDM_DIR}/os_stub/spdm_device_secret_lib_sample + ${LIBSPDM_DIR}/os_stub/include + ${LIBSPDM_DIR}/os_stub +) + +if(TOOLCHAIN STREQUAL "KLEE") + INCLUDE_DIRECTORIES($ENV{KLEE_SRC_PATH}/include) +endif() + +SET(src_test_spdm_requester_vendor_cmds + vendor_cmds.c + ${PROJECT_SOURCE_DIR}/unit_test/fuzzing/spdm_unit_fuzzing_common/common.c + ${PROJECT_SOURCE_DIR}/unit_test/fuzzing/spdm_unit_fuzzing_common/toolchain_harness.c + ${PROJECT_SOURCE_DIR}/unit_test/fuzzing/spdm_unit_fuzzing_common/algo.c +) + +SET(test_spdm_requester_vendor_cmds_LIBRARY + memlib + debuglib + spdm_requester_lib + spdm_common_lib + ${CRYPTO_LIB_PATHS} + rnglib + platform_lib_null + cryptlib_${CRYPTO} + malloclib + spdm_crypt_lib + spdm_crypt_ext_lib + spdm_secured_message_lib + spdm_transport_test_lib + spdm_device_secret_lib_sample + cmockalib +) + +if((TOOLCHAIN STREQUAL "KLEE") OR (TOOLCHAIN STREQUAL "CBMC")) + ADD_EXECUTABLE(test_spdm_requester_vendor_cmds + ${src_test_spdm_requester_vendor_cmds} + $ + $ + $ + $ + $ + $ + $ + $ + $ + $ + $ + $ + $ + $ + ) +else() + ADD_EXECUTABLE(test_spdm_requester_vendor_cmds ${src_test_spdm_requester_vendor_cmds}) + TARGET_LINK_LIBRARIES(test_spdm_requester_vendor_cmds ${test_spdm_requester_vendor_cmds_LIBRARY}) +endif() diff --git a/unit_test/fuzzing/test_requester/test_spdm_requester_vendor_cmds/vendor_cmds.c b/unit_test/fuzzing/test_requester/test_spdm_requester_vendor_cmds/vendor_cmds.c new file mode 100644 index 00000000000..900cac62d89 --- /dev/null +++ b/unit_test/fuzzing/test_requester/test_spdm_requester_vendor_cmds/vendor_cmds.c @@ -0,0 +1,149 @@ +/** + * Copyright Notice: + * Copyright 2021-2024 DMTF. All rights reserved. + * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md + **/ + +#include "internal/libspdm_requester_lib.h" +#include "spdm_device_secret_lib_internal.h" +#include "spdm_unit_fuzzing.h" +#include "toolchain_harness.h" + +#if LIBSPDM_ENABLE_VENDOR_DEFINED_MESSAGES + +typedef struct { + spdm_message_header_t header; + uint16_t standard_id; + uint8_t vendor_id_len; + uint8_t vendor_id[SPDM_MAX_VENDOR_ID_LENGTH]; + uint16_t data_len; + uint8_t data[SPDM_MAX_VENDOR_DEFINED_DATA_LEN]; +} libspdm_vendor_request_test; + +typedef struct { + spdm_message_header_t header; + uint16_t standard_id; + uint8_t vendor_id_len; + uint8_t vendor_id[SPDM_MAX_VENDOR_ID_LENGTH]; + uint16_t data_len; + uint8_t data[SPDM_MAX_VENDOR_DEFINED_DATA_LEN]; +} libspdm_vendor_response_test; +#pragma pack() + + +uint8_t temp_buf[LIBSPDM_RECEIVER_BUFFER_SIZE]; + +size_t libspdm_get_max_buffer_size(void) +{ + return LIBSPDM_MAX_SPDM_MSG_SIZE; +} + +libspdm_return_t libspdm_device_send_message(void *spdm_context, + size_t request_size, const void *request, + uint64_t timeout) +{ + return LIBSPDM_STATUS_SUCCESS; +} + +libspdm_return_t libspdm_device_receive_message(void *spdm_context, + size_t *response_size, + void **response, + uint64_t timeout) +{ + libspdm_test_context_t *spdm_test_context; + uint8_t *spdm_response; + size_t spdm_response_size; + size_t test_message_header_size; + + spdm_test_context = libspdm_get_test_context(); + + test_message_header_size = LIBSPDM_TEST_TRANSPORT_HEADER_SIZE; + spdm_response = (void *)((uint8_t *)temp_buf + test_message_header_size); + spdm_response_size = spdm_test_context->test_buffer_size; + if (spdm_response_size > sizeof(temp_buf) - test_message_header_size - LIBSPDM_TEST_ALIGNMENT) { + spdm_response_size = sizeof(temp_buf) - test_message_header_size - LIBSPDM_TEST_ALIGNMENT; + } + libspdm_copy_mem((uint8_t *)temp_buf + test_message_header_size, + sizeof(temp_buf) - test_message_header_size, + spdm_test_context->test_buffer, + spdm_response_size); + + libspdm_transport_test_encode_message(spdm_context, NULL, + false, false, spdm_response_size, + spdm_response, response_size, response); + + return LIBSPDM_STATUS_SUCCESS; +} + + + +static void libspdm_test_requester_vendor_cmds_case1(void **state) +{ + libspdm_test_context_t *spdm_test_context; + libspdm_context_t *spdm_context; + libspdm_vendor_request_test request = {0}; + libspdm_vendor_response_test response = {0}; + + spdm_test_context = *state; + spdm_context = spdm_test_context->spdm_context; + + spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_10 << + SPDM_VERSION_NUMBER_SHIFT_BIT; + spdm_context->connection_info.connection_state = + LIBSPDM_CONNECTION_STATE_NEGOTIATED; + spdm_context->local_context.is_requester = true; + + response.vendor_id_len = SPDM_MAX_VENDOR_ID_LENGTH; + response.data_len = SPDM_MAX_VENDOR_DEFINED_DATA_LEN; + + request.standard_id = 0x01; + request.vendor_id_len = 1; + libspdm_set_mem(request.vendor_id, request.vendor_id_len, 0xAA); + request.data_len = 1; + libspdm_set_mem(request.data, request.data_len, 0xAA); + + libspdm_vendor_send_request_receive_response(spdm_context, NULL, + request.standard_id, + request.vendor_id_len, + request.vendor_id, request.data_len, + request.data, + &response.standard_id, + &response.vendor_id_len, + response.vendor_id, &response.data_len, + response.data); +} + + +libspdm_test_context_t m_libspdm_requester_event_types_test_context = { + LIBSPDM_TEST_CONTEXT_VERSION, + true, + libspdm_device_send_message, + libspdm_device_receive_message, +}; + +void libspdm_run_test_harness(void *test_buffer, size_t test_buffer_size) +{ + void *State; + + libspdm_setup_test_context(&m_libspdm_requester_event_types_test_context); + + m_libspdm_requester_event_types_test_context.test_buffer = test_buffer; + m_libspdm_requester_event_types_test_context.test_buffer_size = + test_buffer_size; + + /* Successful response*/ + libspdm_unit_test_group_setup(&State); + libspdm_test_requester_vendor_cmds_case1(&State); + libspdm_unit_test_group_teardown(&State); + +} +#else +size_t libspdm_get_max_buffer_size(void) +{ + return 0; +} + +void libspdm_run_test_harness(void *test_buffer, size_t test_buffer_size){ + +} +#endif /*LIBSPDM_ENABLE_VENDOR_DEFINED_MESSAGES*/ diff --git a/unit_test/fuzzing/test_responder/test_spdm_responder_vendor_cmds/CMakeLists.txt b/unit_test/fuzzing/test_responder/test_spdm_responder_vendor_cmds/CMakeLists.txt new file mode 100644 index 00000000000..f03c063dbaa --- /dev/null +++ b/unit_test/fuzzing/test_responder/test_spdm_responder_vendor_cmds/CMakeLists.txt @@ -0,0 +1,61 @@ +cmake_minimum_required(VERSION 2.8.12) + +INCLUDE_DIRECTORIES(${LIBSPDM_DIR}/unit_test/fuzzing/test_responder/test_spdm_responder_vendor_cmds + ${LIBSPDM_DIR}/include + ${LIBSPDM_DIR}/unit_test/include + ${LIBSPDM_DIR}/unit_test/fuzzing/spdm_unit_fuzzing_common + ${LIBSPDM_DIR}/os_stub/include + ${LIBSPDM_DIR}/os_stub +) + +if(TOOLCHAIN STREQUAL "KLEE") + INCLUDE_DIRECTORIES($ENV{KLEE_SRC_PATH}/include) +endif() + +SET(src_test_spdm_responder_vendor_cmds + vendor_cmds.c + ${PROJECT_SOURCE_DIR}/unit_test/fuzzing/spdm_unit_fuzzing_common/common.c + ${PROJECT_SOURCE_DIR}/unit_test/fuzzing/spdm_unit_fuzzing_common/toolchain_harness.c + ${PROJECT_SOURCE_DIR}/unit_test/fuzzing/spdm_unit_fuzzing_common/algo.c +) + +SET(test_spdm_responder_vendor_cmds_LIBRARY + memlib + debuglib + spdm_responder_lib + spdm_common_lib + ${CRYPTO_LIB_PATHS} + rnglib + cryptlib_${CRYPTO} + malloclib + spdm_crypt_lib + spdm_crypt_ext_lib + spdm_secured_message_lib + spdm_transport_test_lib + spdm_device_secret_lib_sample + cmockalib + platform_lib_null +) + +if((TOOLCHAIN STREQUAL "KLEE") OR (TOOLCHAIN STREQUAL "CBMC")) + ADD_EXECUTABLE(test_spdm_responder_vendor_cmds + ${src_test_spdm_responder_vendor_cmds} + $ + $ + $ + $ + $ + $ + $ + $ + $ + $ + $ + $ + $ + $ + ) +else() + ADD_EXECUTABLE(test_spdm_responder_vendor_cmds ${src_test_spdm_responder_vendor_cmds}) + TARGET_LINK_LIBRARIES(test_spdm_responder_vendor_cmds ${test_spdm_responder_vendor_cmds_LIBRARY}) +endif() diff --git a/unit_test/fuzzing/test_responder/test_spdm_responder_vendor_cmds/vendor_cmds.c b/unit_test/fuzzing/test_responder/test_spdm_responder_vendor_cmds/vendor_cmds.c new file mode 100644 index 00000000000..3b6331a49bf --- /dev/null +++ b/unit_test/fuzzing/test_responder/test_spdm_responder_vendor_cmds/vendor_cmds.c @@ -0,0 +1,110 @@ +/** + * Copyright Notice: + * Copyright 2021-2024 DMTF. All rights reserved. + * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md + **/ + +#include "spdm_unit_fuzzing.h" +#include "toolchain_harness.h" +#include "internal/libspdm_responder_lib.h" + +#if LIBSPDM_ENABLE_VENDOR_DEFINED_MESSAGES + +size_t libspdm_get_max_buffer_size(void) +{ + return LIBSPDM_MAX_SPDM_MSG_SIZE; +} + +libspdm_return_t libspdm_vendor_get_id_func_test( + void *spdm_context, + uint16_t *resp_standard_id, + uint8_t *resp_vendor_id_len, + void *resp_vendor_id) +{ + return LIBSPDM_STATUS_SUCCESS; +} + +libspdm_return_t libspdm_vendor_response_func_test( + void *spdm_context, + uint16_t req_standard_id, + uint8_t req_vendor_id_len, + const void *req_vendor_id, + uint16_t req_size, + const void *req_data, + uint16_t *resp_size, + void *resp_data) +{ + return LIBSPDM_STATUS_SUCCESS; +} + +void libspdm_test_responder_vendor_cmds_case1(void **State) +{ + libspdm_test_context_t *spdm_test_context; + libspdm_context_t *spdm_context; + size_t response_size; + uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE]; + libspdm_session_info_t *session_info; + uint32_t session_id; + + spdm_test_context = *State; + spdm_context = spdm_test_context->spdm_context; + spdm_context->connection_info.algorithm.base_hash_algo = + SPDM_ALGORITHMS_BASE_HASH_ALGO_TPM_ALG_SHA_256; + + spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_10 << + SPDM_VERSION_NUMBER_SHIFT_BIT; + spdm_context->connection_info.connection_state = + LIBSPDM_CONNECTION_STATE_NEGOTIATED; + spdm_context->local_context.is_requester = true; + + libspdm_register_vendor_get_id_callback_func(spdm_context, + libspdm_vendor_get_id_func_test); + libspdm_register_vendor_callback_func(spdm_context, + libspdm_vendor_response_func_test); + + session_id = 0xFFFFFFFF; + spdm_context->latest_session_id = session_id; + spdm_context->last_spdm_request_session_id_valid = true; + spdm_context->last_spdm_request_session_id = session_id; + session_info = &spdm_context->session_info[0]; + libspdm_session_info_init(spdm_context, session_info, session_id, true); + libspdm_secured_message_set_session_state( + session_info->secured_message_context, + LIBSPDM_SESSION_STATE_ESTABLISHED); + + response_size = sizeof(response); + libspdm_get_vendor_defined_response(spdm_context, + spdm_test_context->test_buffer_size, + spdm_test_context->test_buffer, + &response_size, response); +} + +libspdm_test_context_t m_libspdm_responder_vendor_cmds_test_context = { + LIBSPDM_TEST_CONTEXT_VERSION, + false, +}; + +void libspdm_run_test_harness(void *test_buffer, size_t test_buffer_size) +{ + void *State; + libspdm_setup_test_context(&m_libspdm_responder_vendor_cmds_test_context); + + m_libspdm_responder_vendor_cmds_test_context.test_buffer = test_buffer; + m_libspdm_responder_vendor_cmds_test_context.test_buffer_size = + test_buffer_size; + + /* Success Case*/ + libspdm_unit_test_group_setup(&State); + libspdm_test_responder_vendor_cmds_case1(&State); + libspdm_unit_test_group_teardown(&State); +} +#else +size_t libspdm_get_max_buffer_size(void) +{ + return 0; +} + +void libspdm_run_test_harness(void *test_buffer, size_t test_buffer_size){ + +} +#endif /*LIBSPDM_ENABLE_VENDOR_DEFINED_MESSAGES*/