fuzz_host_cmd: Add fuzzing for fpsensor host cmds

This adds the host commands declared in fpsensor_state.c to the
fuzzing mix. They are the following:

EC_CMD_FP_SEED       0x0408
EC_CMD_FP_ENC_STATUS 0x0409
EC_CMD_FP_MODE       0x0402
EC_CMD_FP_CONTEXT    0x0406

This is not the complete fpsensor host command interface.
More host commands will be added in followup CLs.

BRANCH=none
BUG=b:116065496
TEST=# Pull in TEST_COVERAGE fix
     git fetch "https://chromium.googlesource.com/chromiumos/platform/ec" \
     refs/changes/86/1725186/1 && git cherry-pick FETCH_HEAD
     make host-host_command_fuzz TEST_COVERAGE=1
     timeout 5m ./build/host/host_command_fuzz/host_command_fuzz.exe
     llvm-profdata merge -sparse default.profraw -o default.profdata
     llvm-cov show build/host/host_command_fuzz/host_command_fuzz.exe \
     --instr-profile=default.profdata --format=html --output-dir=cov
     # Inspect cov/.../common/fpsensor/fpsensor_state.c.html to verify
TEST=make buildall -j

Change-Id: I69e9833463944a0dfba49e5671987b7fec565bf4
Signed-off-by: Craig Hesling <hesling@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1661122

common/mock/build.mk

@@ -4,5 +4,4 @@
 
 # See common/mock/README.md for more information.
 
-# Example:
-# mock-$(HAS_MOCK_ROLLBACK) += rollback_mock.o
+mock-$(HAS_MOCK_ROLLBACK) += rollback_mock.o

common/mock/rollback_mock.c

@@ -0,0 +1,33 @@
+/* Copyright 2019 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+#include "mock/rollback_mock.h"
+
+#include <stdint.h>
+#include <string.h>
+
+#include "common.h"
+#include "compile_time_macros.h"
+#include "util.h"
+
+struct mock_ctrl_rollback mock_ctrl_rollback = MOCK_CTRL_DEFAULT_ROLLBACK;
+
+static const uint8_t fake_rollback_secret[] = {
+	0xcf, 0xe3, 0x23, 0x76, 0x35, 0x04, 0xc2, 0x0f,
+	0x0d, 0xb6, 0x02, 0xa9, 0x68, 0xba, 0x2a, 0x61,
+	0x86, 0x2a, 0x85, 0xd1, 0xca, 0x09, 0x54, 0x8a,
+	0x6b, 0xe2, 0xe3, 0x38, 0xde, 0x5d, 0x59, 0x14,
+};
+
+BUILD_ASSERT(sizeof(fake_rollback_secret) == CONFIG_ROLLBACK_SECRET_SIZE);
+
+/* Mock the rollback for unit or fuzz tests. */
+int rollback_get_secret(uint8_t *secret)
+{
+	if (mock_ctrl_rollback.get_secret_fail)
+		return EC_ERROR_UNKNOWN;
+	memcpy(secret, fake_rollback_secret, sizeof(fake_rollback_secret));
+	return EC_SUCCESS;
+}

fuzz/fuzz_config.h

@@ -97,6 +97,13 @@ enum nvmem_users {
 #else
 #define CONFIG_HOSTCMD_DEBUG_MODE HCDEBUG_OFF
 #endif /* ! FUZZ_HOSTCMD_VERBOSE */
+
+/* The following are for fpsensor host commands. */
+#define CONFIG_AES
+#define CONFIG_AES_GCM
+#define CONFIG_ROLLBACK_SECRET_SIZE 32
+#define CONFIG_SHA256
+
 #endif /* TEST_HOST_COMMAND_FUZZ */
 
 #if defined(TEST_USB_PD_FUZZ)

fuzz/host_command_fuzz.mocklist

@@ -0,0 +1,7 @@
+/* Copyright 2019 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+ #define CONFIG_TEST_MOCK_LIST \
+        MOCK(ROLLBACK)

fuzz/host_command_fuzz.tasklist

@@ -6,4 +6,5 @@
 /**
  * See CONFIG_TASK_LIST in config.h for details.
  */
-#define CONFIG_TEST_TASK_LIST
+#define CONFIG_TEST_TASK_LIST \
+        TASK_TEST(FPSENSOR, fp_task_simulate, NULL, TASK_STACK_SIZE)

include/mock/rollback_mock.h

@@ -0,0 +1,22 @@
+/* Copyright 2019 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+#ifndef __MOCK_ROLLBACK_MOCK_H
+#define __MOCK_ROLLBACK_MOCK_H
+
+#include <stdbool.h>
+
+struct mock_ctrl_rollback {
+	bool get_secret_fail;
+};
+
+#define MOCK_CTRL_DEFAULT_ROLLBACK             \
+{                                              \
+	.get_secret_fail = false,              \
+}
+
+extern struct mock_ctrl_rollback mock_ctrl_rollback;
+
+#endif  /* __MOCK_ROLLBACK_MOCK_H */