authorCraig Hesling <hesling@chromium.org>2019-07-26 09:29:14 -0700
committerCommit Bot <commit-bot@chromium.org>2019-09-03 23:43:21 +0000
commitd5927cd01e761177d7dde9db072e48c11c1c3ed8 (patch)
treef93985e4b3b500ad5bca73f2303adc8d626bcc49
parentf1a6c7142f5cede9ae05e4116e5cf317c91a0c1a (diff)
fuzz_host_cmd: Add fuzzing for fpsensor host cmds
This adds the host commands declared in fpsensor_state.c to the fuzzing mix. They are the following: EC_CMD_FP_SEED 0x0408 EC_CMD_FP_ENC_STATUS 0x0409 EC_CMD_FP_MODE 0x0402 EC_CMD_FP_CONTEXT 0x0406 This is not the complete fpsensor host command interface. More host commands will be added in followup CLs. BRANCH=none BUG=b:116065496 TEST=# Pull in TEST_COVERAGE fix git fetch "https://chromium.googlesource.com/chromiumos/platform/ec" \ refs/changes/86/1725186/1 && git cherry-pick FETCH_HEAD make host-host_command_fuzz TEST_COVERAGE=1 timeout 5m ./build/host/host_command_fuzz/host_command_fuzz.exe llvm-profdata merge -sparse default.profraw -o default.profdata llvm-cov show build/host/host_command_fuzz/host_command_fuzz.exe \ --instr-profile=default.profdata --format=html --output-dir=cov # Inspect cov/.../common/fpsensor/fpsensor_state.c.html to verify TEST=make buildall -j Change-Id: I69e9833463944a0dfba49e5671987b7fec565bf4 Signed-off-by: Craig Hesling <hesling@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1661122
-rw-r--r--common/mock/build.mk3
-rw-r--r--common/mock/rollback_mock.c33
-rw-r--r--fuzz/fuzz_config.h7
-rw-r--r--fuzz/host_command_fuzz.mocklist7
-rw-r--r--fuzz/host_command_fuzz.tasklist3
-rw-r--r--include/mock/rollback_mock.h22
6 files changed, 72 insertions, 3 deletions
diff --git a/common/mock/build.mk b/common/mock/build.mk
index 190dde9be8..037718d3bb 100644
--- a/common/mock/build.mk
+++ b/common/mock/build.mk
@@ -4,5 +4,4 @@
# See common/mock/README.md for more information.
-# Example:
-# mock-$(HAS_MOCK_ROLLBACK) += rollback_mock.o \ No newline at end of file
+mock-$(HAS_MOCK_ROLLBACK) += rollback_mock.o
diff --git a/common/mock/rollback_mock.c b/common/mock/rollback_mock.c
new file mode 100644
index 0000000000..6a04b6142a
--- /dev/null
+++ b/common/mock/rollback_mock.c
@@ -0,0 +1,33 @@
+/* Copyright 2019 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+#include "mock/rollback_mock.h"
+
+#include <stdint.h>
+#include <string.h>
+
+#include "common.h"
+#include "compile_time_macros.h"
+#include "util.h"
+
+struct mock_ctrl_rollback mock_ctrl_rollback = MOCK_CTRL_DEFAULT_ROLLBACK;
+
+static const uint8_t fake_rollback_secret[] = {
+ 0xcf, 0xe3, 0x23, 0x76, 0x35, 0x04, 0xc2, 0x0f,
+ 0x0d, 0xb6, 0x02, 0xa9, 0x68, 0xba, 0x2a, 0x61,
+ 0x86, 0x2a, 0x85, 0xd1, 0xca, 0x09, 0x54, 0x8a,
+ 0x6b, 0xe2, 0xe3, 0x38, 0xde, 0x5d, 0x59, 0x14,
+};
+
+BUILD_ASSERT(sizeof(fake_rollback_secret) == CONFIG_ROLLBACK_SECRET_SIZE);
+
+/* Mock the rollback for unit or fuzz tests. */
+int rollback_get_secret(uint8_t *secret)
+{
+ if (mock_ctrl_rollback.get_secret_fail)
+ return EC_ERROR_UNKNOWN;
+ memcpy(secret, fake_rollback_secret, sizeof(fake_rollback_secret));
+ return EC_SUCCESS;
+}
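Review bot: `rollback_get_secret` is defined here without including the header that declares the production prototype, so a drift between the mock's signature and the real one would not be caught at compile time unless `common.h` or `util.h` happens to pull that declaration in (not visible in this hunk). Including the declaring header next to `mock/rollback_mock.h` would make the compiler check it. The one-line comment above the function should also state the contract callers see: on success exactly `CONFIG_ROLLBACK_SECRET_SIZE` bytes are written, and when `get_secret_fail` is set the output buffer is left untouched. A comment on `fake_rollback_secret` such as `/* Fixed test-only bytes, not key material; only built via mock-$(HAS_MOCK_ROLLBACK). */` would keep the constant from being mistaken for a real secret.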
diff --git a/fuzz/fuzz_config.h b/fuzz/fuzz_config.h
index 105fa26bd4..49b5a192d3 100644
--- a/fuzz/fuzz_config.h
+++ b/fuzz/fuzz_config.h
@@ -97,6 +97,13 @@ enum nvmem_users {
#else
#define CONFIG_HOSTCMD_DEBUG_MODE HCDEBUG_OFF
#endif /* ! FUZZ_HOSTCMD_VERBOSE */
+
+/* The following are for fpsensor host commands. */
+#define CONFIG_AES
+#define CONFIG_AES_GCM
+#define CONFIG_ROLLBACK_SECRET_SIZE 32
+#define CONFIG_SHA256
+
#endif /* TEST_HOST_COMMAND_FUZZ */
#if defined(TEST_USB_PD_FUZZ)
diff --git a/fuzz/host_command_fuzz.mocklist b/fuzz/host_command_fuzz.mocklist
new file mode 100644
index 0000000000..d84275532e
--- /dev/null
+++ b/fuzz/host_command_fuzz.mocklist
@@ -0,0 +1,7 @@
+/* Copyright 2019 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+ #define CONFIG_TEST_MOCK_LIST \
+ MOCK(ROLLBACK)
diff --git a/fuzz/host_command_fuzz.tasklist b/fuzz/host_command_fuzz.tasklist
index 24870f2abb..c95bf17c64 100644
--- a/fuzz/host_command_fuzz.tasklist
+++ b/fuzz/host_command_fuzz.tasklist
@@ -6,4 +6,5 @@
/**
* See CONFIG_TASK_LIST in config.h for details.
*/
-#define CONFIG_TEST_TASK_LIST
+#define CONFIG_TEST_TASK_LIST \
+ TASK_TEST(FPSENSOR, fp_task_simulate, NULL, TASK_STACK_SIZE)
diff --git a/include/mock/rollback_mock.h b/include/mock/rollback_mock.h
new file mode 100644
index 0000000000..eb2dea6dd9
--- /dev/null
+++ b/include/mock/rollback_mock.h
@@ -0,0 +1,22 @@
+/* Copyright 2019 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+#ifndef __MOCK_ROLLBACK_MOCK_H
+#define __MOCK_ROLLBACK_MOCK_H
+
+#include <stdbool.h>
+
+struct mock_ctrl_rollback {
+ bool get_secret_fail;
+};
+
+#define MOCK_CTRL_DEFAULT_ROLLBACK \
+{ \
+ .get_secret_fail = false, \
+}
+
+extern struct mock_ctrl_rollback mock_ctrl_rollback;
+
+#endif /* __MOCK_ROLLBACK_MOCK_H */
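Review bot: `get_secret_fail` is initialised to `false` by `MOCK_CTRL_DEFAULT_ROLLBACK` and none of the six files in this commit ever sets it, so the `EC_ERROR_UNKNOWN` branch of the mock and the fpsensor handlers' reaction to a missing rollback secret appear to stay unfuzzed as committed. Since that error path guards key derivation, it is worth driving the flag from the harness (and restoring the default between iterations so runs stay reproducible). The field also needs a comment, for example `/* When true, rollback_get_secret() returns EC_ERROR_UNKNOWN without writing the buffer. */`. As a style point, the guard name `__MOCK_ROLLBACK_MOCK_H` starts with a double underscore, which is reserved for the implementation in C; if the tree's convention allows it, a name without the leading underscores avoids that.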