authorJulius Werner <jwerner@chromium.org>2020-09-09 18:45:38 -0700
committerCommit Bot <commit-bot@chromium.org>2020-09-15 17:57:37 +0000
commit3fbb2d16c42b70a1fdf57dc693e10ca11c998d10 (patch)
treefbf3bc7079036d435fee47cf390f35e56551ccb0
parent3f96c587e972e926badb50a15d4040e3ace8da62 (diff)
fuzzers: Initialize secdata
CL:2353775 made the functions tested by vb2_keyblock_fuzzer and vb2_preamble_fuzzer look at secdata, which broke the fuzzer because they don't initialize secdata the way a normal boot would. This patch makes the fuzzers initialize both firmware and kernel secdata explicitly (and nvdata as well for good measure, although I think it's technically not needed). BRANCH=None BUG=chromium:1125143,chromium:1124172 TEST=None Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: Id9aaa4d44a20455133adc4c2bc524895629edfb9 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2402423 Commit-Queue: Joel Kitching <kitching@chromium.org>
-rw-r--r--tests/vb2_keyblock_fuzzer.c12
-rw-r--r--tests/vb2_preamble_fuzzer.c18
2 files changed, 18 insertions, 12 deletions
diff --git a/tests/vb2_keyblock_fuzzer.c b/tests/vb2_keyblock_fuzzer.c
index 9996afaf..6fabcd26 100644
--- a/tests/vb2_keyblock_fuzzer.c
+++ b/tests/vb2_keyblock_fuzzer.c
@@ -2,12 +2,12 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include <assert.h>
-
#include "2api.h"
#include "2common.h"
#include "2misc.h"
+#include "2nvstorage.h"
#include "2rsa.h"
+#include "2secdata.h"
#include "vboot_test.h"
static struct vb2_context *ctx;
@@ -73,6 +73,7 @@ vb2_error_t vb2_safe_memcmp(const void *s1, const void *s2, size_t size)
int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size);
int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ /* Initialize fuzzing inputs. */
if (size < sizeof(gbb.rootkey))
return 0;
@@ -84,9 +85,16 @@ int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
mock_keyblock = data + sizeof(gbb.rootkey);
mock_keyblock_size = size - sizeof(gbb.rootkey);
+ /* Set up data structures needed by the tested function. */
if (vb2api_init(workbuf, sizeof(workbuf), &ctx))
abort();
+ vb2_nv_init(ctx);
+ vb2api_secdata_firmware_create(ctx);
+ vb2api_secdata_kernel_create(ctx);
+ if (vb2_secdata_firmware_init(ctx) || vb2_secdata_kernel_init(ctx))
+ abort();
+ /* Run function to test. */
vb2_load_fw_keyblock(ctx);
return 0;
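Review bot: The nvdata and secdata set up after `vb2api_init()` are always the freshly created defaults and never depend on `data`, so `vb2_load_fw_keyblock()` is fuzzed against a single secdata state. The commit description says the tested functions now read secdata; which fields they read is not visible in this hunk, so any branch keyed on non-default secdata contents would presumably stay uncovered. I would record that next to the setup, e.g. `/* nvdata/secdata are fixed defaults, not fuzz input: only the default-state path is covered. */`, so that coverage from this harness is not over-read. The same setup is added in the `@@ -68,12 +60,18 @@` hunk of tests/vb2_preamble_fuzzer.c and the point applies there as well. `LLVMFuzzerTestOneInput` begins before this hunk.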
diff --git a/tests/vb2_preamble_fuzzer.c b/tests/vb2_preamble_fuzzer.c
index 9568f45f..b29ccc7a 100644
--- a/tests/vb2_preamble_fuzzer.c
+++ b/tests/vb2_preamble_fuzzer.c
@@ -2,11 +2,10 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include <assert.h>
-
#include "2api.h"
#include "2common.h"
#include "2misc.h"
+#include "2nvstorage.h"
#include "2rsa.h"
#include "2secdata.h"
#include "vboot_test.h"
@@ -24,13 +23,6 @@ void vb2api_fail(struct vb2_context *c, uint8_t reason, uint8_t subcode)
return;
}
-void vb2_secdata_firmware_set(struct vb2_context *c,
- enum vb2_secdata_firmware_param param,
- uint32_t value)
-{
- /* prevent abort from uninitialized secdata */
-}
-
vb2_error_t vb2ex_read_resource(struct vb2_context *c,
enum vb2_resource_index index, uint32_t offset,
void *buf, uint32_t size)
@@ -68,12 +60,18 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
if (vb2api_init(workbuf, sizeof(workbuf), &ctx))
abort();
+ vb2_nv_init(ctx);
+ vb2api_secdata_firmware_create(ctx);
+ vb2api_secdata_kernel_create(ctx);
+ if (vb2_secdata_firmware_init(ctx) || vb2_secdata_kernel_init(ctx))
+ abort();
struct vb2_workbuf wb;
vb2_workbuf_from_ctx(ctx, &wb);
uint8_t *key = vb2_workbuf_alloc(&wb, datakey_size);
- assert(key);
+ if (!key)
+ abort();
memcpy(key, data, datakey_size);
mock_preamble = data + datakey_size;