trusty: Fuzz keymaster TA using generic TIPC fuzzer

Bug: 171750250 Test: trusty_keymaster_fuzzer Change-Id: I94a1cc28276d198f698906212a8a5d15ac07ae1e
2021-02-27 14:09:04 -08:00 · 2021-02-27 14:09:04 -08:00 · 123c038e1a
commit 123c038e1a
parent e4a80fe066
2 changed files with 6 additions and 77 deletions
--- a/trusty/keymaster/fuzz/Android.bp
+++ b/trusty/keymaster/fuzz/Android.bp
@ -19,7 +19,12 @@ package {
 cc_fuzz {
    name: "trusty_keymaster_fuzzer",
    defaults: ["trusty_fuzzer_defaults"],
-    srcs: ["fuzz.cpp"],
+    srcs: [":trusty_tipc_fuzzer"],
+    cflags: [
+        "-DTRUSTY_APP_PORT=\"com.android.trusty.keymaster\"",
+        "-DTRUSTY_APP_UUID=\"5f902ace-5e5c-4cd8-ae54-87b88c22ddaf\"",
+        "-DTRUSTY_APP_FILENAME=\"keymaster.syms.elf\"",
+    ],

    // The initial corpus for this fuzzer was derived by dumping messages from
    // the `secure_env` emulator interface for cuttlefish while running the
--- a/trusty/keymaster/fuzz/fuzz.cpp
+++ b/trusty/keymaster/fuzz/fuzz.cpp
@ -1,76 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <stdlib.h>
-#include <trusty/coverage/coverage.h>
-#include <trusty/fuzz/counters.h>
-#include <trusty/fuzz/utils.h>
-#include <unistd.h>
-#include <iostream>
-
-using android::trusty::coverage::CoverageRecord;
-using android::trusty::fuzz::ExtraCounters;
-using android::trusty::fuzz::TrustyApp;
-
-#define TIPC_DEV "/dev/trusty-ipc-dev0"
-#define KEYMASTER_PORT "com.android.trusty.keymaster"
-#define KEYMASTER_MODULE_FILENAME "keymaster.syms.elf"
-
-/* Keymaster TA's UUID is 5f902ace-5e5c-4cd8-ae54-87b88c22ddaf */
-static struct uuid keymaster_uuid = {
-        0x5f902ace,
-        0x5e5c,
-        0x4cd8,
-        {0xae, 0x54, 0x87, 0xb8, 0x8c, 0x22, 0xdd, 0xaf},
-};
-
-static CoverageRecord record(TIPC_DEV, &keymaster_uuid, KEYMASTER_MODULE_FILENAME);
-
-extern "C" int LLVMFuzzerInitialize(int* /* argc */, char*** /* argv */) {
-    auto ret = record.Open();
-    if (!ret.ok()) {
-        std::cerr << ret.error() << std::endl;
-        exit(-1);
-    }
-    return 0;
-}
-
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
-    static uint8_t buf[TIPC_MAX_MSG_SIZE];
-
-    ExtraCounters counters(&record);
-    counters.Reset();
-
-    android::trusty::fuzz::TrustyApp ta(TIPC_DEV, KEYMASTER_PORT);
-    auto ret = ta.Connect();
-    if (!ret.ok()) {
-        android::trusty::fuzz::Abort();
-    }
-
-    /* Send message to test server */
-    ret = ta.Write(data, size);
-    if (!ret.ok()) {
-        return -1;
-    }
-
-    /* Read message from test server */
-    ret = ta.Read(&buf, sizeof(buf));
-    if (!ret.ok()) {
-        return -1;
-    }
-
-    return 0;
-}