There were a few issues with the oss-fuzz integration from commit
8373f09854 ("build-sys: add oss-fuzz
support").
When building on OSS-Fuzz, the projects should use the provided CFLAGS
and CXXFLAGS and don't append any extra sanitization / fuzzing flags.
$LIB_FUZZING_ENGINE is defined to set the library to link to, and it
is a c++ library, so we should build fuzzer with c++...
Now --enable-fuzzer is only used for -fsanitize=fuzzer.
Add a tests/fuzz-main.c as fallback, to run the corpus on other builds.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
This script will permit integration with Google OSS-FUZZ
https://github.com/google/oss-fuzz
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Extend the existing test case with extending PCR 10 and reading back
the result, then storing the state blobs and setting them and checking
the value of PCR 10 again.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Add support for --enable-test-coverage that sets additional CFLAGS
and LDFLAGS.
gcov creates files with suffixes .gcov, .gcno, and .gcda that we
need clean up in a few directories.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Do not fail the entire test run in case of a failure but display an
error message instead and continue running tests.
Errors may happen in very rare cases and we just continue then while
assuming the output is logged.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Add a simple test case to make sure that reading the PCRs
works as expected and that the state file is written
as expected. This state file (NVChip) is only written because
libtpms doesn't have any callbacks registered.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Wrap the fuzzer test in a script to we can set up a per fuzzer
temporary directory where the NvChip file is written into.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
On some systems /bin/bash does not exists but is somewhere else and can
be invoked with /usr/bin/env.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Make sure that the NVRAM offsets and structure sizes are the same
on all architectures so that we can fill up the NVRAM on one system
and migrate the state to another architecture and it will fit into
the NVRAM space there.
We leave some space for the first few data structures in the NVRAM to
grow. We do this by rounding up the NV_INDEX_RAM_DATA location to the
next kb boundary. This moves it from offset 4356 to 5120 on x86_64 and
from offset 4332 to 5120 on i386. This now leaves us with the same
amount of space for user dynamic NVRAM, which starts beyond offset 5120.
We also pad the OBJECT structure with 4 bytes so that it is the same
size on 32 and 64 bit architectures. This is a data structure that
is used in user dynamic NVRAM and should be the same size on all
architectures so that a full NVRAM always fits.
Also test the size of the NV_INDEX structure, which already has the
same size on all tested architectures (x86_64, i386, arm32, ppc64).
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
This is taken directly from chromiumos TPM2 repository:
commit 172eec5ea9b46ddfe720c854fa719fdf8613b4ed
Author: nagendra modadugu <ngm@google.com>
Date: Fri Sep 16 14:07:13 2016 -0700
Add an initial fuzz test corpus for execute-command
This commit introduces a minimized corpus for
the test in fuzz/execute-command.cc.
The corpus was generated by parsing the TCG test
suite log for messages sent to the TPM. The corpus
includes test cases that produced crashes reported
in chrome-os-partner:56767 and chrome-os-partner:56825.
Future work includes defining a dictionary for the
protocol so that mutations can be more effective,
and also generating test-cases that improve coverage
(e.g. create & store primary key, followed by test case).
BUG=chrome-os-partner:50646
BRANCH=none
TEST=follow instructions in fuzz/README
Change-Id: I24332c0f58996626de9a08e2780595b0b2d76350
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/386443
Commit-Ready: Nagendra Modadugu <ngm@google.com>
Tested-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Kostya Serebryany <kcc@chromium.org>
Reviewed-by: Mike Aizitsky <aizatsky@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Fix support for ARM64 by testing for whether __aarch64__ is defined.
Also see http://sourceforge.net/p/predef/wiki/Architectures for the
gcc preprocessor defines.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Remove unnecessary files in the repository and add boostrap.sh to create the
configure file and other files we are removing here. Users have to run
bootstrap.sh to have those files created in their build environment.
Update the INSTALL instructions.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Acked-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Add a test case testing the TPMLIB_DecodeBlob function.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Acked-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
This is the initial import of the libtpms library. The libtpms library
provides software emulation of a Trusted Platform Module (TPM). It is
intended to be used by applications when a hardware TPM is not adequate.
For example, a hypervisor can use libtpms to emulate an independent TPM
for each of it's virtual machine guests. The library provides a high-
level API for developers to integrate the emulated TPM support into
their application.
The code was originally written by Kenneth Goldman <kgoldman@us.ibm.com>
and Stefan Berger <stefanb@us.ibm.com>.
The code is licensed under the Modified BSD License.
Signed-off-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
