From 8887ded68752e31e96d1fcbdb4831eb9f39f94e4 Mon Sep 17 00:00:00 2001 From: Xiao Date: Fri, 29 Mar 2024 13:46:31 +0800 Subject: [PATCH] Add fuzz testing for supported_event_types Signed-off-by: Xiao --- CMakeLists.txt | 2 + unit_test/fuzzing/fuzzing_AFL.sh | 2 + unit_test/fuzzing/fuzzing_AFLTurbo.sh | 2 + unit_test/fuzzing/fuzzing_AFLplusplus.sh | 2 + unit_test/fuzzing/fuzzing_LibFuzzer.sh | 2 + .../get_event_types.rew | Bin 0 -> 34 bytes .../supported_event_types.raw | Bin 0 -> 4 bytes .../CMakeLists.txt | 63 ++++++++ .../get_event_types.c | 146 ++++++++++++++++++ .../CMakeLists.txt | 61 ++++++++ .../event_types.c | 103 ++++++++++++ 11 files changed, 383 insertions(+) create mode 100644 unit_test/fuzzing/seeds/test_spdm_requester_get_event_types/get_event_types.rew create mode 100644 unit_test/fuzzing/seeds/test_spdm_responder_supported_event_types/supported_event_types.raw create mode 100644 unit_test/fuzzing/test_requester/test_spdm_requester_get_event_types/CMakeLists.txt create mode 100644 unit_test/fuzzing/test_requester/test_spdm_requester_get_event_types/get_event_types.c create mode 100644 unit_test/fuzzing/test_responder/test_spdm_responder_supported_event_types/CMakeLists.txt create mode 100644 unit_test/fuzzing/test_responder/test_spdm_responder_supported_event_types/event_types.c diff --git a/CMakeLists.txt b/CMakeLists.txt index f6cf17d269d..b2253119786 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -998,6 +998,8 @@ else() ADD_SUBDIRECTORY(unit_test/fuzzing/test_spdm_common/test_process_opaque_data) ADD_SUBDIRECTORY(unit_test/fuzzing/test_responder/test_spdm_responder_chunk_send_ack) ADD_SUBDIRECTORY(unit_test/fuzzing/test_requester/test_spdm_requester_chunk_send) + ADD_SUBDIRECTORY(unit_test/fuzzing/test_responder/test_spdm_responder_supported_event_types) + ADD_SUBDIRECTORY(unit_test/fuzzing/test_requester/test_spdm_requester_get_event_types) endif() ADD_SUBDIRECTORY(os_stub/cryptlib_null) diff --git a/unit_test/fuzzing/fuzzing_AFL.sh b/unit_test/fuzzing/fuzzing_AFL.sh index 66af29b3b65..b2d8eaa4076 100755 --- a/unit_test/fuzzing/fuzzing_AFL.sh +++ b/unit_test/fuzzing/fuzzing_AFL.sh @@ -155,6 +155,8 @@ test_spdm_responder_chunk_get test_spdm_requester_chunk_get test_spdm_responder_chunk_send_ack test_spdm_requester_chunk_send +test_spdm_responder_supported_event_types +test_spdm_requester_get_event_types ) for ((i=0;i<${#cmds[*]};i++)) do diff --git a/unit_test/fuzzing/fuzzing_AFLTurbo.sh b/unit_test/fuzzing/fuzzing_AFLTurbo.sh index 46f47f73993..43b55a058af 100755 --- a/unit_test/fuzzing/fuzzing_AFLTurbo.sh +++ b/unit_test/fuzzing/fuzzing_AFLTurbo.sh @@ -156,6 +156,8 @@ test_spdm_responder_chunk_get test_spdm_requester_chunk_get test_spdm_responder_chunk_send_ack test_spdm_requester_chunk_send +test_spdm_responder_supported_event_types +test_spdm_requester_get_event_types ) export FUZZ_START_TIME=`date +%Y-%m-%d_%H:%M:%S` diff --git a/unit_test/fuzzing/fuzzing_AFLplusplus.sh b/unit_test/fuzzing/fuzzing_AFLplusplus.sh index ba514e87dec..1218964ec9e 100644 --- a/unit_test/fuzzing/fuzzing_AFLplusplus.sh +++ b/unit_test/fuzzing/fuzzing_AFLplusplus.sh @@ -164,6 +164,8 @@ test_spdm_responder_chunk_get test_spdm_requester_chunk_get test_spdm_responder_chunk_send_ack test_spdm_requester_chunk_send +test_spdm_responder_supported_event_types +test_spdm_requester_get_event_types ) export FUZZ_START_TIME=`date +%Y-%m-%d_%H:%M:%S` diff --git a/unit_test/fuzzing/fuzzing_LibFuzzer.sh b/unit_test/fuzzing/fuzzing_LibFuzzer.sh index 8a0279132cc..eaa1f9047c9 100755 --- a/unit_test/fuzzing/fuzzing_LibFuzzer.sh +++ b/unit_test/fuzzing/fuzzing_LibFuzzer.sh @@ -126,6 +126,8 @@ test_spdm_responder_chunk_get test_spdm_requester_chunk_get test_spdm_responder_chunk_send_ack test_spdm_requester_chunk_send +test_spdm_responder_supported_event_types +test_spdm_requester_get_event_types ) object_parameters=() cp -r $fuzzing_seeds ./ diff --git a/unit_test/fuzzing/seeds/test_spdm_requester_get_event_types/get_event_types.rew b/unit_test/fuzzing/seeds/test_spdm_requester_get_event_types/get_event_types.rew new file mode 100644 index 0000000000000000000000000000000000000000..c30d8e2d21784a9ed42296f8c3157665ebe500e6 GIT binary patch literal 34 ccmWemVq}nF009;TMlcN`nShuXEXKe9024d_pa1{> literal 0 HcmV?d00001 diff --git a/unit_test/fuzzing/seeds/test_spdm_responder_supported_event_types/supported_event_types.raw b/unit_test/fuzzing/seeds/test_spdm_responder_supported_event_types/supported_event_types.raw new file mode 100644 index 0000000000000000000000000000000000000000..dd0f33ae565015837470b8a8aed9a0dcd99c8c24 GIT binary patch literal 4 LcmWfB#J~Um0`>s* literal 0 HcmV?d00001 diff --git a/unit_test/fuzzing/test_requester/test_spdm_requester_get_event_types/CMakeLists.txt b/unit_test/fuzzing/test_requester/test_spdm_requester_get_event_types/CMakeLists.txt new file mode 100644 index 00000000000..05dda5f52ed --- /dev/null +++ b/unit_test/fuzzing/test_requester/test_spdm_requester_get_event_types/CMakeLists.txt @@ -0,0 +1,63 @@ +cmake_minimum_required(VERSION 2.8.12) +INCLUDE_DIRECTORIES(${LIBSPDM_DIR}/unit_test/fuzzing/test_requester/test_spdm_requester_get_event_types + ${LIBSPDM_DIR}/include + ${LIBSPDM_DIR}/unit_test/include + ${LIBSPDM_DIR}/unit_test/cmockalib/cmocka/include + ${LIBSPDM_DIR}/unit_test/cmockalib/cmocka/include/cmockery + ${LIBSPDM_DIR}/unit_test/fuzzing/spdm_unit_fuzzing_common + ${LIBSPDM_DIR}/os_stub/spdm_device_secret_lib_sample + ${LIBSPDM_DIR}/os_stub/include + ${LIBSPDM_DIR}/os_stub +) + +if(TOOLCHAIN STREQUAL "KLEE") + INCLUDE_DIRECTORIES($ENV{KLEE_SRC_PATH}/include) +endif() + +SET(src_test_spdm_requester_get_event_types + get_event_types.c + ${PROJECT_SOURCE_DIR}/unit_test/fuzzing/spdm_unit_fuzzing_common/common.c + ${PROJECT_SOURCE_DIR}/unit_test/fuzzing/spdm_unit_fuzzing_common/toolchain_harness.c + ${PROJECT_SOURCE_DIR}/unit_test/fuzzing/spdm_unit_fuzzing_common/algo.c +) + +SET(test_spdm_requester_get_event_types_LIBRARY + memlib + debuglib + spdm_requester_lib + spdm_common_lib + ${CRYPTO_LIB_PATHS} + rnglib + platform_lib_null + cryptlib_${CRYPTO} + malloclib + spdm_crypt_lib + spdm_crypt_ext_lib + spdm_secured_message_lib + spdm_transport_test_lib + spdm_device_secret_lib_sample + cmockalib +) + +if((TOOLCHAIN STREQUAL "KLEE") OR (TOOLCHAIN STREQUAL "CBMC")) + ADD_EXECUTABLE(test_spdm_requester_get_event_types + ${src_test_spdm_requester_get_event_types} + $ + $ + $ + $ + $ + $ + $ + $ + $ + $ + $ + $ + $ + $ + ) +else() + ADD_EXECUTABLE(test_spdm_requester_get_event_types ${src_test_spdm_requester_get_event_types}) + TARGET_LINK_LIBRARIES(test_spdm_requester_get_event_types ${test_spdm_requester_get_event_types_LIBRARY}) +endif() diff --git a/unit_test/fuzzing/test_requester/test_spdm_requester_get_event_types/get_event_types.c b/unit_test/fuzzing/test_requester/test_spdm_requester_get_event_types/get_event_types.c new file mode 100644 index 00000000000..6e70e01b602 --- /dev/null +++ b/unit_test/fuzzing/test_requester/test_spdm_requester_get_event_types/get_event_types.c @@ -0,0 +1,146 @@ +/** + * Copyright Notice: + * Copyright 2021-2024 DMTF. All rights reserved. + * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md + **/ + +#include "internal/libspdm_requester_lib.h" +#include "spdm_device_secret_lib_internal.h" +#include "spdm_unit_fuzzing.h" +#include "toolchain_harness.h" + +#if LIBSPDM_ENABLE_CAPABILITY_EVENT_CAP + +uint8_t temp_buf[LIBSPDM_RECEIVER_BUFFER_SIZE]; + +static const uint32_t m_session_id = 0xffffffff; + +size_t libspdm_get_max_buffer_size(void) +{ + return LIBSPDM_MAX_SPDM_MSG_SIZE; +} + +libspdm_return_t libspdm_device_send_message(void *spdm_context, + size_t request_size, const void *request, + uint64_t timeout) +{ + return LIBSPDM_STATUS_SUCCESS; +} + +libspdm_return_t libspdm_device_receive_message(void *spdm_context, + size_t *response_size, + void **response, + uint64_t timeout) +{ + libspdm_test_context_t *spdm_test_context; + uint8_t *spdm_response; + size_t spdm_response_size; + size_t test_message_header_size; + uint32_t session_id; + libspdm_session_info_t *session_info; + + spdm_test_context = libspdm_get_test_context(); + + session_id = m_session_id; + session_info = libspdm_get_session_info_via_session_id(spdm_context, session_id); + + test_message_header_size = LIBSPDM_TEST_TRANSPORT_HEADER_SIZE; + spdm_response = (void *)((uint8_t *)temp_buf + test_message_header_size); + spdm_response_size = spdm_test_context->test_buffer_size; + if (spdm_response_size > sizeof(temp_buf) - test_message_header_size - LIBSPDM_TEST_ALIGNMENT) { + spdm_response_size = sizeof(temp_buf) - test_message_header_size - LIBSPDM_TEST_ALIGNMENT; + } + libspdm_copy_mem((uint8_t *)temp_buf + test_message_header_size, + sizeof(temp_buf) - test_message_header_size, + spdm_test_context->test_buffer, + spdm_response_size); + + libspdm_transport_test_encode_message(spdm_context, &session_id, + false, false, spdm_response_size, + spdm_response, response_size, response); + + /* Workaround: Use single context to encode message and then decode message. */ + ((libspdm_secured_message_context_t *)(session_info->secured_message_context))-> + application_secret.response_data_sequence_number--; + + return LIBSPDM_STATUS_SUCCESS; +} + +static void libspdm_test_requester_get_event_types_case1(void **state) +{ + libspdm_test_context_t *spdm_test_context; + libspdm_context_t *spdm_context; + libspdm_session_info_t *session_info; + uint32_t session_id; + uint8_t event_group_count; + uint8_t supported_event_groups_list[LIBSPDM_MAX_SPDM_MSG_SIZE]; + uint32_t supported_event_groups_list_len; + + spdm_test_context = *state; + spdm_context = spdm_test_context->spdm_context; + + spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_13 << + SPDM_VERSION_NUMBER_SHIFT_BIT; + spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED; + + spdm_context->connection_info.capability.flags = + SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_EVENT_CAP | + SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ENCRYPT_CAP | + SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MAC_CAP | + SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP; + + spdm_context->local_context.capability.flags = + SPDM_GET_CAPABILITIES_REQUEST_FLAGS_ENCRYPT_CAP | + SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MAC_CAP | + SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP; + + spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo; + spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo; + spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo; + spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo; + + session_id = m_session_id; + session_info = &spdm_context->session_info[0]; + libspdm_session_info_init(spdm_context, session_info, session_id, true); + libspdm_secured_message_set_session_state( + session_info->secured_message_context, LIBSPDM_SESSION_STATE_ESTABLISHED); + + supported_event_groups_list_len = sizeof(supported_event_groups_list); + libspdm_get_event_types(spdm_context, session_id, &event_group_count, + &supported_event_groups_list_len, + (void *)&supported_event_groups_list); +} + +libspdm_test_context_t m_libspdm_requester_event_types_test_context = { + LIBSPDM_TEST_CONTEXT_VERSION, + true, + libspdm_device_send_message, + libspdm_device_receive_message, +}; + +void libspdm_run_test_harness(void *test_buffer, size_t test_buffer_size) +{ + void *State; + + libspdm_setup_test_context(&m_libspdm_requester_event_types_test_context); + + m_libspdm_requester_event_types_test_context.test_buffer = test_buffer; + m_libspdm_requester_event_types_test_context.test_buffer_size = + test_buffer_size; + + /* Successful response*/ + libspdm_unit_test_group_setup(&State); + libspdm_test_requester_get_event_types_case1(&State); + libspdm_unit_test_group_teardown(&State); + +} +#else +size_t libspdm_get_max_buffer_size(void) +{ + return 0; +} + +void libspdm_run_test_harness(void *test_buffer, size_t test_buffer_size){ + +} +#endif /*LIBSPDM_ENABLE_CAPABILITY_EVENT_CAP*/ diff --git a/unit_test/fuzzing/test_responder/test_spdm_responder_supported_event_types/CMakeLists.txt b/unit_test/fuzzing/test_responder/test_spdm_responder_supported_event_types/CMakeLists.txt new file mode 100644 index 00000000000..62dc0bbc955 --- /dev/null +++ b/unit_test/fuzzing/test_responder/test_spdm_responder_supported_event_types/CMakeLists.txt @@ -0,0 +1,61 @@ +cmake_minimum_required(VERSION 2.8.12) + +INCLUDE_DIRECTORIES(${LIBSPDM_DIR}/unit_test/fuzzing/test_responder/test_spdm_responder_supported_event_types + ${LIBSPDM_DIR}/include + ${LIBSPDM_DIR}/unit_test/include + ${LIBSPDM_DIR}/unit_test/fuzzing/spdm_unit_fuzzing_common + ${LIBSPDM_DIR}/os_stub/include + ${LIBSPDM_DIR}/os_stub +) + +if(TOOLCHAIN STREQUAL "KLEE") + INCLUDE_DIRECTORIES($ENV{KLEE_SRC_PATH}/include) +endif() + +SET(src_test_spdm_responder_supported_event_types + event_types.c + ${PROJECT_SOURCE_DIR}/unit_test/fuzzing/spdm_unit_fuzzing_common/common.c + ${PROJECT_SOURCE_DIR}/unit_test/fuzzing/spdm_unit_fuzzing_common/toolchain_harness.c + ${PROJECT_SOURCE_DIR}/unit_test/fuzzing/spdm_unit_fuzzing_common/algo.c +) + +SET(test_spdm_responder_supported_event_types_LIBRARY + memlib + debuglib + spdm_responder_lib + spdm_common_lib + ${CRYPTO_LIB_PATHS} + rnglib + cryptlib_${CRYPTO} + malloclib + spdm_crypt_lib + spdm_crypt_ext_lib + spdm_secured_message_lib + spdm_transport_test_lib + spdm_device_secret_lib_sample + cmockalib + platform_lib_null +) + +if((TOOLCHAIN STREQUAL "KLEE") OR (TOOLCHAIN STREQUAL "CBMC")) + ADD_EXECUTABLE(test_spdm_responder_supported_event_types + ${src_test_spdm_responder_supported_event_types} + $ + $ + $ + $ + $ + $ + $ + $ + $ + $ + $ + $ + $ + $ + ) +else() + ADD_EXECUTABLE(test_spdm_responder_supported_event_types ${src_test_spdm_responder_supported_event_types}) + TARGET_LINK_LIBRARIES(test_spdm_responder_supported_event_types ${test_spdm_responder_supported_event_types_LIBRARY}) +endif() diff --git a/unit_test/fuzzing/test_responder/test_spdm_responder_supported_event_types/event_types.c b/unit_test/fuzzing/test_responder/test_spdm_responder_supported_event_types/event_types.c new file mode 100644 index 00000000000..a21d80ef155 --- /dev/null +++ b/unit_test/fuzzing/test_responder/test_spdm_responder_supported_event_types/event_types.c @@ -0,0 +1,103 @@ +/** + * Copyright Notice: + * Copyright 2021-2024 DMTF. All rights reserved. + * License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md + **/ + +#include "spdm_unit_fuzzing.h" +#include "toolchain_harness.h" +#include "internal/libspdm_responder_lib.h" + +#if LIBSPDM_ENABLE_CAPABILITY_EVENT_CAP + +size_t libspdm_get_max_buffer_size(void) +{ + return LIBSPDM_MAX_SPDM_MSG_SIZE; +} + +void libspdm_test_responder_event_types_case1(void **State) +{ + libspdm_test_context_t *spdm_test_context; + libspdm_context_t *spdm_context; + libspdm_session_info_t *session_info; + uint32_t session_id; + size_t response_size; + uint8_t response[LIBSPDM_MAX_SPDM_MSG_SIZE]; + + spdm_test_context = *State; + spdm_context = spdm_test_context->spdm_context; + + spdm_context->connection_info.version = SPDM_MESSAGE_VERSION_13 << + SPDM_VERSION_NUMBER_SHIFT_BIT; + spdm_context->connection_info.connection_state = LIBSPDM_CONNECTION_STATE_NEGOTIATED; + spdm_context->response_state = LIBSPDM_RESPONSE_STATE_NORMAL; + + spdm_context->connection_info.capability.flags = + SPDM_GET_CAPABILITIES_REQUEST_FLAGS_ENCRYPT_CAP | + SPDM_GET_CAPABILITIES_REQUEST_FLAGS_MAC_CAP | + SPDM_GET_CAPABILITIES_REQUEST_FLAGS_KEY_EX_CAP; + + spdm_context->local_context.capability.flags = + SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_EVENT_CAP | + SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_ENCRYPT_CAP | + SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_MAC_CAP | + SPDM_GET_CAPABILITIES_RESPONSE_FLAGS_KEY_EX_CAP; + + spdm_context->connection_info.algorithm.base_hash_algo = m_libspdm_use_hash_algo; + spdm_context->connection_info.algorithm.base_asym_algo = m_libspdm_use_asym_algo; + spdm_context->connection_info.algorithm.dhe_named_group = m_libspdm_use_dhe_algo; + spdm_context->connection_info.algorithm.aead_cipher_suite = m_libspdm_use_aead_algo; + + session_id = 0xFFFFFFFF; + spdm_context->latest_session_id = session_id; + spdm_context->last_spdm_request_session_id_valid = true; + spdm_context->last_spdm_request_session_id = session_id; + session_info = &spdm_context->session_info[0]; + libspdm_session_info_init(spdm_context, session_info, session_id, true); + libspdm_secured_message_set_session_state( + session_info->secured_message_context, + LIBSPDM_SESSION_STATE_ESTABLISHED); + + response_size = sizeof(response); + libspdm_get_response_supported_event_types(spdm_context, + spdm_test_context->test_buffer_size, + spdm_test_context->test_buffer, + &response_size, response); +} + +libspdm_test_context_t m_libspdm_responder_event_types_test_context = { + LIBSPDM_TEST_CONTEXT_VERSION, + false, +}; + +void libspdm_run_test_harness(void *test_buffer, size_t test_buffer_size) +{ + void *State; + spdm_message_header_t *spdm_request_header; + libspdm_setup_test_context(&m_libspdm_responder_event_types_test_context); + + spdm_request_header = (spdm_message_header_t*)test_buffer; + + if (spdm_request_header->request_response_code != SPDM_GET_SUPPORTED_EVENT_TYPES) { + spdm_request_header->request_response_code = SPDM_GET_SUPPORTED_EVENT_TYPES; + } + + m_libspdm_responder_event_types_test_context.test_buffer = test_buffer; + m_libspdm_responder_event_types_test_context.test_buffer_size = + test_buffer_size; + + /* Success Case*/ + libspdm_unit_test_group_setup(&State); + libspdm_test_responder_event_types_case1(&State); + libspdm_unit_test_group_teardown(&State); +} +#else +size_t libspdm_get_max_buffer_size(void) +{ + return 0; +} + +void libspdm_run_test_harness(void *test_buffer, size_t test_buffer_size){ + +} +#endif /*LIBSPDM_ENABLE_CAPABILITY_EVENT_CAP*/