xref: /aosp_15_r20/external/vboot_reference/tests/vb2_preamble_fuzzer.c (revision 8617a60d3594060b7ecbd21bc622a7c14f3cf2bc)
1*8617a60dSAndroid Build Coastguard Worker // Copyright 2019 The ChromiumOS Authors
2*8617a60dSAndroid Build Coastguard Worker // Use of this source code is governed by a BSD-style license that can be
3*8617a60dSAndroid Build Coastguard Worker // found in the LICENSE file.
4*8617a60dSAndroid Build Coastguard Worker 
5*8617a60dSAndroid Build Coastguard Worker #include "2api.h"
6*8617a60dSAndroid Build Coastguard Worker #include "2common.h"
7*8617a60dSAndroid Build Coastguard Worker #include "2misc.h"
8*8617a60dSAndroid Build Coastguard Worker #include "2nvstorage.h"
9*8617a60dSAndroid Build Coastguard Worker #include "2rsa.h"
10*8617a60dSAndroid Build Coastguard Worker #include "2rsa_private.h"
11*8617a60dSAndroid Build Coastguard Worker #include "2secdata.h"
12*8617a60dSAndroid Build Coastguard Worker 
/* vboot context; (re)assigned by vb2api_init() at the start of every fuzz
   iteration. */
static struct vb2_context *ctx;

/* Backing storage handed to vb2api_init(), aligned to VB2_WORKBUF_ALIGN. */
static uint8_t workbuf[VB2_FIRMWARE_WORKBUF_RECOMMENDED_SIZE]
	__attribute__((aligned(VB2_WORKBUF_ALIGN)));

/* Fuzzer-controlled bytes that vb2ex_read_resource() serves as the firmware
   vblock. The pointer aliases the buffer passed to LLVMFuzzerTestOneInput(),
   so it must not be dereferenced after that call returns. */
static size_t mock_preamble_size;
static const uint8_t *mock_preamble;
19*8617a60dSAndroid Build Coastguard Worker 
/* Limit exposure of code for which we didn't set up the environment right:
   this stub swallows every failure report and touches none of its
   arguments. */
void vb2api_fail(struct vb2_context *c, uint8_t reason, uint8_t subcode)
{
	(void)c;
	(void)reason;
	(void)subcode;
}
25*8617a60dSAndroid Build Coastguard Worker 
/* Resource-read callback backed by the fuzzer input.

   Only VB2_RES_FW_VBLOCK is served; any other index yields
   VB2_ERROR_EX_READ_RESOURCE_INDEX. A request that does not fit inside the
   mock preamble yields VB2_ERROR_EX_READ_RESOURCE_SIZE. Otherwise `size`
   bytes starting at `offset` are copied into `buf` and VB2_SUCCESS is
   returned. */
vb2_error_t vb2ex_read_resource(struct vb2_context *c,
				enum vb2_resource_index index, uint32_t offset,
				void *buf, uint32_t size)
{
	if (index != VB2_RES_FW_VBLOCK)
		return VB2_ERROR_EX_READ_RESOURCE_INDEX;

	/* The preamble_offset in our mock shared data is 0, so we can assume
	   that offset here is a direct offset into the preamble. Reject an
	   offset past the end first so the subtraction below cannot wrap. */
	if (offset > mock_preamble_size)
		return VB2_ERROR_EX_READ_RESOURCE_SIZE;

	/* Compare against the bytes remaining instead of forming
	   offset + size, which could overflow. */
	const size_t remaining = mock_preamble_size - offset;
	if (size > remaining)
		return VB2_ERROR_EX_READ_RESOURCE_SIZE;

	memcpy(buf, &mock_preamble[offset], size);
	return VB2_SUCCESS;
}
41*8617a60dSAndroid Build Coastguard Worker 
/* Pretend that signature checks always succeed so the fuzzer can cover more.
   This stub ignores both arguments and accepts any padding, so it belongs
   in the fuzz target only: a build that picked it up in place of the real
   check would accept signatures with arbitrary padding. */
vb2_error_t vb2_check_padding(const uint8_t *sig,
			      const struct vb2_public_key *key)
{
	(void)sig;
	(void)key;
	return VB2_SUCCESS;
}
48*8617a60dSAndroid Build Coastguard Worker 
/* Fuzz-only stub: never reads either buffer and always returns VB2_SUCCESS.
   NOTE(review): presumably callers treat VB2_SUCCESS as "buffers match", so
   every comparison routed through here passes -- confirm against the real
   vb2_safe_memcmp(). Must not be linked outside the fuzz target. */
vb2_error_t vb2_safe_memcmp(const void *s1, const void *s2, size_t size)
{
	(void)s1;
	(void)s2;
	(void)size;
	return VB2_SUCCESS;
}
53*8617a60dSAndroid Build Coastguard Worker 
/* Prototype for the fuzzer entry point defined directly below. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);

/* Fuzzer entry point for vb2_load_fw_preamble().

   Input layout: the first 4096 bytes are copied into the work buffer and
   registered in shared data as the data key; every remaining byte is exposed
   through vb2ex_read_resource() as the firmware preamble. Inputs shorter
   than 4096 bytes are skipped.

   Setup failures abort() the process. The result of vb2_load_fw_preamble()
   is deliberately not checked. Always returns 0. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
	const size_t key_len = 4096;	// enough for all our signatures
	struct vb2_workbuf wb;
	struct vb2_shared_data *sd;
	uint8_t *key_buf;

	if (size < key_len)
		return 0;

	/* Re-create the context and its NV/secdata state for every input. */
	if (vb2api_init(workbuf, sizeof(workbuf), &ctx))
		abort();
	vb2_nv_init(ctx);
	vb2api_secdata_firmware_create(ctx);
	vb2api_secdata_kernel_create(ctx);
	if (vb2_secdata_firmware_init(ctx))
		abort();
	if (vb2_secdata_kernel_init(ctx))
		abort();

	/* Carve the data key out of the work buffer and fill it from the
	   front of the fuzz input. */
	vb2_workbuf_from_ctx(ctx, &wb);
	key_buf = vb2_workbuf_alloc(&wb, key_len);
	if (!key_buf)
		abort();
	memcpy(key_buf, data, key_len);

	/* Everything after the key region is the preamble under test. */
	mock_preamble = data + key_len;
	mock_preamble_size = size - key_len;

	/* Tell shared data where the key lives and mark that part of the
	   work buffer as used. */
	sd = vb2_get_sd(ctx);
	sd->data_key_offset = vb2_offset_of(sd, key_buf);
	sd->data_key_size = key_len;
	vb2_set_workbuf_used(ctx, sd->data_key_offset + sd->data_key_size);

	/* Offset 0 lets vb2ex_read_resource() index mock_preamble directly. */
	sd->vblock_preamble_offset = 0;
	vb2_load_fw_preamble(ctx);

	return 0;
}