Pick widevine oemcrypto-v18 change
No-Typo-Check: From a third party header file Bug: 260918793 Test: unit tests Test: atp v2/widevine-eng/drm_compliance Change-Id: I36effd6a10a99bdb2399ab1f4a0fad026d607c70
This commit is contained in:
Kyle Zhang
@@ -2,93 +2,82 @@
|
||||
// source code may only be used and distributed under the Widevine Master
|
||||
// License Agreement.
|
||||
|
||||
#include "FuzzedDataProvider.h"
|
||||
#include "OEMCryptoCENC.h"
|
||||
#include "log.h"
|
||||
#include "oemcrypto_fuzz_helper.h"
|
||||
#include "oemcrypto_fuzz_structs.h"
|
||||
|
||||
namespace wvoec {
|
||||
// Free dynamic memory allocated by fuzzer script.
|
||||
void FreeOutputBuffers(OEMCrypto_SESSION session_id,
|
||||
OEMCrypto_DestBufferDesc& output_descriptor,
|
||||
int* secure_fd) {
|
||||
switch (output_descriptor.type) {
|
||||
case OEMCrypto_BufferType_Clear: {
|
||||
delete[] output_descriptor.buffer.clear.clear_buffer;
|
||||
break;
|
||||
}
|
||||
case OEMCrypto_BufferType_Secure: {
|
||||
OEMCrypto_FreeSecureBuffer(session_id, &output_descriptor, *secure_fd);
|
||||
break;
|
||||
}
|
||||
case OEMCrypto_BufferType_Direct: {
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
bool InitializeOutputBuffers(OEMCrypto_SESSION session_id,
|
||||
OEMCrypto_DestBufferDesc& output_descriptor,
|
||||
int* secure_fd, size_t input_buffer_size) {
|
||||
switch (output_descriptor.type) {
|
||||
case OEMCrypto_BufferType_Clear: {
|
||||
output_descriptor.buffer.clear.clear_buffer =
|
||||
new OEMCrypto_SharedMemory[input_buffer_size];
|
||||
return true;
|
||||
}
|
||||
case OEMCrypto_BufferType_Secure: {
|
||||
OEMCryptoResult sts = OEMCrypto_AllocateSecureBuffer(
|
||||
session_id, input_buffer_size, &output_descriptor, secure_fd);
|
||||
return sts == OEMCrypto_SUCCESS;
|
||||
}
|
||||
case OEMCrypto_BufferType_Direct: {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
|
||||
// Redirect printf and log statements from oemcrypto functions to a file to
|
||||
// reduce noise
|
||||
RedirectStdoutToFile();
|
||||
uint8_t subsample_flags;
|
||||
|
||||
// OEMCrypto_DestBufferDesc and a buffer from which data needs to be copied
|
||||
// are expected as inputs to copy buffer API.
|
||||
// Input fuzzed data is interpreted as
|
||||
// Input fuzzed data is interpreted as:
|
||||
// (OEMCrypto_DestBufferDesc | subsample_flags | input_buffer)
|
||||
if (size <= sizeof(OEMCrypto_Copy_Buffer_Fuzz)) {
|
||||
OEMCrypto_Copy_Buffer_Fuzz fuzzed_structure;
|
||||
if (size < sizeof(fuzzed_structure)) {
|
||||
return 0;
|
||||
}
|
||||
OEMCrypto_Copy_Buffer_Fuzz fuzzed_structure;
|
||||
// Fuzz dest_buffer_desc.
|
||||
memcpy(&fuzzed_structure, data, sizeof(fuzzed_structure));
|
||||
FuzzedDataProvider fuzzed_data(data, size);
|
||||
fuzzed_data.ConsumeData(&fuzzed_structure, sizeof(fuzzed_structure));
|
||||
ConvertDataToValidEnum(OEMCrypto_BufferType_MaxValue,
|
||||
&fuzzed_structure.dest_buffer_desc.type);
|
||||
fuzzed_structure.dest_buffer_desc.buffer_config %= MAX_FUZZ_OUTPUT_LENGTH + 1;
|
||||
const std::vector<OEMCrypto_SharedMemory> input_buffer =
|
||||
fuzzed_data.ConsumeRemainingBytes<OEMCrypto_SharedMemory>();
|
||||
|
||||
OEMCryptoLicenseAPIFuzz license_api_fuzz;
|
||||
Session* session = license_api_fuzz.session();
|
||||
// Fuzz input buffer to be copied.
|
||||
size_t input_buffer_size = size - sizeof(fuzzed_structure);
|
||||
const uint32_t session_id = license_api_fuzz.session()->session_id();
|
||||
|
||||
// Initialize output buffer.
|
||||
OEMCrypto_DestBufferDesc dest_buffer_desc;
|
||||
int secure_fd = 0;
|
||||
// Create output buffer pointers. If secure buffer is not supported, we
|
||||
// explicitly convert to clear buffer and fuzz.
|
||||
if (!InitializeOutputBuffers(session->session_id(),
|
||||
fuzzed_structure.dest_buffer_desc, &secure_fd,
|
||||
input_buffer_size)) {
|
||||
LOGI(
|
||||
"[OEMCrypto decrypt CENC fuzz] Secure buffers are not supported. Use "
|
||||
"clear buffer instead.");
|
||||
fuzzed_structure.dest_buffer_desc.type = OEMCrypto_BufferType_Clear;
|
||||
InitializeOutputBuffers(session->session_id(),
|
||||
fuzzed_structure.dest_buffer_desc, &secure_fd,
|
||||
input_buffer_size);
|
||||
dest_buffer_desc.type = fuzzed_structure.dest_buffer_desc.type;
|
||||
switch (dest_buffer_desc.type) {
|
||||
case OEMCrypto_BufferType_Clear:
|
||||
dest_buffer_desc.buffer.clear.clear_buffer =
|
||||
new OEMCrypto_SharedMemory[fuzzed_structure.dest_buffer_desc
|
||||
.buffer_config];
|
||||
dest_buffer_desc.buffer.clear.clear_buffer_length =
|
||||
fuzzed_structure.dest_buffer_desc.buffer_config;
|
||||
break;
|
||||
|
||||
case OEMCrypto_BufferType_Secure:
|
||||
if (OEMCrypto_AllocateSecureBuffer(
|
||||
session_id, fuzzed_structure.dest_buffer_desc.buffer_config,
|
||||
&dest_buffer_desc, &secure_fd) != OEMCrypto_SUCCESS) {
|
||||
return 0;
|
||||
}
|
||||
break;
|
||||
|
||||
case OEMCrypto_BufferType_Direct:
|
||||
dest_buffer_desc.buffer.direct.is_video =
|
||||
fuzzed_structure.dest_buffer_desc.buffer_config & 1;
|
||||
break;
|
||||
}
|
||||
OEMCrypto_CopyBuffer(session->session_id(), data + sizeof(fuzzed_structure),
|
||||
input_buffer_size, &fuzzed_structure.dest_buffer_desc,
|
||||
subsample_flags);
|
||||
FreeOutputBuffers(session->session_id(), fuzzed_structure.dest_buffer_desc,
|
||||
&secure_fd);
|
||||
|
||||
OEMCrypto_CopyBuffer(session_id, input_buffer.data(), input_buffer.size(),
|
||||
&dest_buffer_desc, fuzzed_structure.subsample_flags);
|
||||
|
||||
// Free output buffer.
|
||||
switch (dest_buffer_desc.type) {
|
||||
case OEMCrypto_BufferType_Clear:
|
||||
delete[] dest_buffer_desc.buffer.clear.clear_buffer;
|
||||
break;
|
||||
|
||||
case OEMCrypto_BufferType_Secure:
|
||||
OEMCrypto_FreeSecureBuffer(session_id, &dest_buffer_desc, secure_fd);
|
||||
break;
|
||||
|
||||
case OEMCrypto_BufferType_Direct:
|
||||
break;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
} // namespace wvoec
|
||||
|
||||
} // namespace wvoec
|
||||
|
||||
Reference in New Issue
Block a user