author | Julius Werner <jwerner@chromium.org> | 2020-09-09 18:45:38 -0700 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2020-09-15 17:57:37 +0000 |
commit | 3fbb2d16c42b70a1fdf57dc693e10ca11c998d10 (patch) | |
tree | fbf3bc7079036d435fee47cf390f35e56551ccb0 /tests | |
parent | 3f96c587e972e926badb50a15d4040e3ace8da62 (diff) | |
download | vboot-3fbb2d16c42b70a1fdf57dc693e10ca11c998d10.tar.gz |
fuzzers: Initialize secdata
CL:2353775 made the functions tested by vb2_keyblock_fuzzer and
vb2_preamble_fuzzer look at secdata, which broke the fuzzer because they
don't initialize secdata the way a normal boot would. This patch makes
the fuzzers initialize both firmware and kernel secdata explicitly (and
nvdata as well for good measure, although I think it's technically not
needed).
BRANCH=None
BUG=chromium:1125143,chromium:1124172
TEST=None
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: Id9aaa4d44a20455133adc4c2bc524895629edfb9
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2402423
Commit-Queue: Joel Kitching <kitching@chromium.org>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/vb2_keyblock_fuzzer.c | 12 | ||||
-rw-r--r-- | tests/vb2_preamble_fuzzer.c | 18 |
2 files changed, 18 insertions, 12 deletions
diff --git a/tests/vb2_keyblock_fuzzer.c b/tests/vb2_keyblock_fuzzer.c index 9996afaf..6fabcd26 100644 --- a/tests/vb2_keyblock_fuzzer.c +++ b/tests/vb2_keyblock_fuzzer.c @@ -2,12 +2,12 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#include <assert.h> - #include "2api.h" #include "2common.h" #include "2misc.h" +#include "2nvstorage.h" #include "2rsa.h" +#include "2secdata.h" #include "vboot_test.h" static struct vb2_context *ctx; @@ -73,6 +73,7 @@ vb2_error_t vb2_safe_memcmp(const void *s1, const void *s2, size_t size) int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size); int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + /* Initialize fuzzing inputs. */ if (size < sizeof(gbb.rootkey)) return 0; @@ -84,9 +85,16 @@ int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { mock_keyblock = data + sizeof(gbb.rootkey); mock_keyblock_size = size - sizeof(gbb.rootkey); + /* Set up data structures needed by the tested function. */ if (vb2api_init(workbuf, sizeof(workbuf), &ctx)) abort(); + vb2_nv_init(ctx); + vb2api_secdata_firmware_create(ctx); + vb2api_secdata_kernel_create(ctx); + if (vb2_secdata_firmware_init(ctx) || vb2_secdata_kernel_init(ctx)) + abort(); + /* Run function to test. */ vb2_load_fw_keyblock(ctx); return 0; diff --git a/tests/vb2_preamble_fuzzer.c b/tests/vb2_preamble_fuzzer.c index 9568f45f..b29ccc7a 100644 --- a/tests/vb2_preamble_fuzzer.c +++ b/tests/vb2_preamble_fuzzer.c @@ -2,11 +2,10 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#include <assert.h> - #include "2api.h" #include "2common.h" #include "2misc.h" +#include "2nvstorage.h" #include "2rsa.h" #include "2secdata.h" #include "vboot_test.h" 
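Review bot: In `LLVMFuzzerTestOneInput` of tests/vb2_keyblock_fuzzer.c (hunk `@@ -84,9 +85,16 @@`), nvdata and both secdata blobs are rebuilt to freshly created defaults on every run before `vb2_load_fw_keyblock(ctx)` is called. Any secdata-dependent branches that CL:2353775 introduced are therefore presumably only exercised in that one state. This stops the harness from aborting, but the limit on coverage should be written down next to the setup, for example `/* nvdata and secdata are fixed defaults; only data varies between runs. */`. The same five added lines in tests/vb2_preamble_fuzzer.c (hunk `@@ -68,12 +60,18 @@`) have the same limitation and carry no comment at all. The function's closing brace lies outside the hunk.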
@@ -24,13 +23,6 @@ void vb2api_fail(struct vb2_context *c, uint8_t reason, uint8_t subcode) return; } -void vb2_secdata_firmware_set(struct vb2_context *c, - enum vb2_secdata_firmware_param param, - uint32_t value) -{ - /* prevent abort from uninitialized secdata */ -} - vb2_error_t vb2ex_read_resource(struct vb2_context *c, enum vb2_resource_index index, uint32_t offset, void *buf, uint32_t size) @@ -68,12 +60,18 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { if (vb2api_init(workbuf, sizeof(workbuf), &ctx)) abort(); + vb2_nv_init(ctx); + vb2api_secdata_firmware_create(ctx); + vb2api_secdata_kernel_create(ctx); + if (vb2_secdata_firmware_init(ctx) || vb2_secdata_kernel_init(ctx)) + abort(); struct vb2_workbuf wb; vb2_workbuf_from_ctx(ctx, &wb); uint8_t *key = vb2_workbuf_alloc(&wb, datakey_size); - assert(key); + if (!key) + abort(); memcpy(key, data, datakey_size); mock_preamble = data + datakey_size; |
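Review bot: The `abort()` calls added in hunk `@@ -68,12 +60,18 @@` of tests/vb2_preamble_fuzzer.c will be reported as crashes by the fuzzing engine, so each one has to be unreachable for every input. The secdata and nvdata setup takes nothing from `data`, but the hunk does not show where `datakey_size` comes from, so it cannot be confirmed from here that `if (!key) abort();` is input-independent. If it is, a comment above the check would stop a future reader from triaging it as a finding: `/* Harness setup failure: workbuf too small, not caused by the fuzz input. */`. `LLVMFuzzerTestOneInput` starts and ends outside the hunk.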