test: Add test for read_match_secret resp error

Add a test for fp_command_read_match_secret when the number of matched
finger is within the allowed range of [0 5[, the state deadline value is
valid, the state is readable with the correct matched finger number, and
and a trivial positive_match_salt. The test should fail with the error
message EC_RES_ERROR.
Add a trivial mock value for the positive_match_salt and a default fake
value for the positive_match_salt in the fpsensor_state_mock library.

BRANCH=None
BUG=b:242720387
TEST=make run-fpsensor_state
TEST=make runhosttests

Signed-off-by: Firas Sammoura <fsammoura@google.com>
Change-Id: I9af4cb13a1b6f63049205cad9684050d5eb1f885
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3872553
Reviewed-by: Bobby Casey <bobbycasey@google.com>

3 files changed, 60 insertions, 0 deletions

diff --git a/common/mock/fpsensor_state_mock.c b/common/mock/fpsensor_state_mock.c
index c3092fe860..1d74886097 100644
--- a/common/mock/fpsensor_state_mock.c
+++ b/common/mock/fpsensor_state_mock.c
@@ -21,6 +21,28 @@ const uint8_t default_fake_tpm_seed[] = {
 };
 BUILD_ASSERT(sizeof(default_fake_tpm_seed) == FP_CONTEXT_TPM_BYTES);
 
+const uint8_t default_fake_fp_positive_match_salt[] = {
+	0x04, 0x1f, 0x5a, 0xac, 0x5f, 0x79, 0x10, 0xaf, 0x04, 0x1d, 0x46, 0x3a,
+	0x5f, 0x08, 0xee, 0xcb, 0x04, 0x1f, 0x5a, 0xac, 0x5f, 0x79, 0x10, 0xaf,
+	0x04, 0x1d, 0x46, 0x3a, 0x5f, 0x08, 0xee, 0xcb, 0x04, 0x1f, 0x5a, 0xac,
+	0x5f, 0x79, 0x10, 0xaf, 0x04, 0x1d, 0x46, 0x3a, 0x5f, 0x08, 0xee, 0xcb,
+	0x04, 0x1f, 0x5a, 0xac, 0x5f, 0x79, 0x10, 0xaf, 0x04, 0x1d, 0x46, 0x3a,
+	0x5f, 0x08, 0xee, 0xcb, 0x04, 0x1f, 0x5a, 0xac, 0x5f, 0x79, 0x10, 0xaf,
+	0x04, 0x1d, 0x46, 0x3a, 0x5f, 0x08, 0xee, 0xcb
+};
+BUILD_ASSERT(sizeof(default_fake_fp_positive_match_salt) == 80);
+
+const uint8_t trivial_fp_positive_match_salt[] = {
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+BUILD_ASSERT(sizeof(trivial_fp_positive_match_salt) == 80);
+
 int fpsensor_state_mock_set_tpm_seed(
 	const uint8_t tpm_seed[FP_CONTEXT_TPM_BYTES])
 {
diff --git a/include/mock/fpsensor_state_mock.h b/include/mock/fpsensor_state_mock.h
index 4571a1e987..aad049d8e6 100644
--- a/include/mock/fpsensor_state_mock.h
+++ b/include/mock/fpsensor_state_mock.h
@@ -11,6 +11,12 @@
 #include "ec_commands.h"
 
 extern const uint8_t default_fake_tpm_seed[FP_CONTEXT_TPM_BYTES];
+extern const uint8_t
+	default_fake_fp_positive_match_salt[FP_MAX_FINGER_COUNT]
+					   [FP_POSITIVE_MATCH_SALT_BYTES];
+extern const uint8_t
+	trivial_fp_positive_match_salt[FP_MAX_FINGER_COUNT]
+				      [FP_POSITIVE_MATCH_SALT_BYTES];
 
 int fpsensor_state_mock_set_tpm_seed(
 	const uint8_t tpm_seed[FP_CONTEXT_TPM_BYTES]);
diff --git a/test/fpsensor_state.c b/test/fpsensor_state.c
index 78958fd77c..75a72d6afe 100644
--- a/test/fpsensor_state.c
+++ b/test/fpsensor_state.c
@@ -298,6 +298,37 @@ test_static int test_fp_command_read_match_secret_unreadable_state(void)
 	return EC_SUCCESS;
 }
 
+test_static int test_fp_command_read_match_secret_derive_fail(void)
+{
+	struct ec_response_fp_read_match_secret response = { 0 };
+	/* Create valid param with 0 <= fgr < 5 */
+	uint16_t matched_fgr = 1;
+	struct ec_params_fp_read_match_secret test_match_secret_1 = {
+		.fgr = matched_fgr,
+	};
+	/* Create positive secret match state with valid deadline value,
+	 * readable state, and correct template matched
+	 */
+	struct positive_match_secret_state test_state_1 = {
+		.deadline.val = 5000000,
+		.readable = true,
+		.template_matched = matched_fgr,
+	};
+	positive_match_secret_state = test_state_1;
+	/* Set fp_positive_match_salt to the trivial value */
+	memcpy(fp_positive_match_salt, trivial_fp_positive_match_salt,
+	       sizeof(trivial_fp_positive_match_salt));
+
+	/* Test with the correct matched finger state and a trivial
+	 * fp_positive_match_salt
+	 */
+	TEST_ASSERT(test_send_host_command(
+			    EC_CMD_FP_READ_MATCH_SECRET, 0,
+			    &test_match_secret_1, sizeof(test_match_secret_1),
+			    &response, sizeof(response)) == EC_RES_ERROR);
+	return EC_SUCCESS;
+}
+
 void run_test(int argc, const char **argv)
 {
 	RUN_TEST(test_fp_enc_status_valid_flags);
@@ -311,5 +342,6 @@ void run_test(int argc, const char **argv)
 	RUN_TEST(test_fp_command_read_match_secret_fail_timeout);
 	RUN_TEST(test_fp_command_read_match_secret_unmatched_fgr);
 	RUN_TEST(test_fp_command_read_match_secret_unreadable_state);
+	RUN_TEST(test_fp_command_read_match_secret_derive_fail);
 	test_print_result();
 }