1 // Copyright 2021 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License"); you may not
4 // use this file except in compliance with the License. You may obtain a copy of
5 // the License at
6 //
7 // https://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11 // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12 // License for the specific language governing permissions and limitations under
13 // the License.
14
15 #include "dice/android.h"
16 #include "dice/fuzz_utils.h"
17 #include "dice/utils.h"
18 #include "fuzzer/FuzzedDataProvider.h"
19
20 using dice::fuzz::ConsumeRandomLengthStringAsBytesFrom;
21 using dice::fuzz::FuzzedInputValues;
22
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)23 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
24 // Exit early if there might not be enough data to fill buffers.
25 if (size < 512) {
26 return 0;
27 }
28
29 FuzzedDataProvider fdp(data, size);
30
31 // Prepare the fuzzed inputs.
32 auto input_values = FuzzedInputValues::ConsumeFrom(fdp);
33 auto handover = ConsumeRandomLengthStringAsBytesFrom(fdp);
34
35 // Initialize output parameters with fuzz data in case they are wrongly being
36 // read from.
37 constexpr size_t kNextHandoverBufferSize = 1024;
38 auto next_handover_actual_size = fdp.ConsumeIntegral<size_t>();
39 uint8_t next_handover[kNextHandoverBufferSize] = {};
40
41 fdp.ConsumeData(&next_handover, kNextHandoverBufferSize);
42
43 // Fuzz the main flow.
44 DiceAndroidHandoverMainFlow(
45 /*context=*/NULL, handover.data(), handover.size(), input_values,
46 kNextHandoverBufferSize, next_handover, &next_handover_actual_size);
47
48 return 0;
49 }
50