Pick widevine oemcrypto-v18 change

No-Typo-Check: From a third party header file
Bug: 260918793
Test: unit tests
Test: atp v2/widevine-eng/drm_compliance
Change-Id: I36effd6a10a99bdb2399ab1f4a0fad026d607c70

libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_generic_verify_fuzz.cc

@@ -2,66 +2,130 @@
 // source code may only be used and distributed under the Widevine
 // License Agreement.
 
-#include <openssl/hmac.h>
-#include <openssl/sha.h>
-
+#include "FuzzedDataProvider.h"
 #include "OEMCryptoCENC.h"
-#include "log.h"
+#include "oec_session_util.h"
 #include "oemcrypto_fuzz_helper.h"
 #include "oemcrypto_fuzz_structs.h"
 #include "oemcrypto_types.h"
 
 namespace wvoec {
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
-  // Redirect printf and log statements from oemcrypto functions to a file to
-  // reduce noise
-  RedirectStdoutToFile();
 
-  OEMCrypto_Generic_Verify_Fuzz fuzzed_structure;
-  if (size < sizeof(fuzzed_structure)) {
-    return 0;
+// Properties deserialized from fuzzed data.
+struct FuzzedProperties {
+  OEMCrypto_Generic_Api_Fuzz structure;
+  std::vector<uint8_t> buffer;
+  std::vector<uint8_t> signature;
+};
+
+// Contains value only if has_value is true.
+struct OptionalFuzzedProperties {
+  FuzzedProperties value;
+  bool has_value;
+};
+
+OEMCryptoLicenseAPIFuzz license_api_fuzz;
+
+OptionalFuzzedProperties DeserializeFuzzedData(const uint8_t* data,
+                                               size_t size) {
+  OptionalFuzzedProperties fuzzed_properties;
+  const std::vector<FuzzedData> inputs = SplitFuzzedData(data, size);
+  if (inputs.size() < 2 ||
+      inputs[0].size < sizeof(fuzzed_properties.value.structure)) {
+    fuzzed_properties.has_value = false;
+    return fuzzed_properties;
   }
-  // Copy OEMCrypto_Generic_Verify_Fuzz from input data.
-  memcpy(&fuzzed_structure, data, sizeof(fuzzed_structure));
+  FuzzedDataProvider fuzzed_data(inputs[0].data, inputs[0].size);
+  fuzzed_data.ConsumeData(&fuzzed_properties.value.structure,
+                          sizeof(fuzzed_properties.value.structure));
   ConvertDataToValidEnum(OEMCrypto_CipherMode_MaxValue,
-                         &fuzzed_structure.cipher_mode);
+                         &fuzzed_properties.value.structure.cipher_mode);
   ConvertDataToValidEnum(OEMCrypto_Algorithm_MaxValue,
-                         &fuzzed_structure.algorithm);
+                         &fuzzed_properties.value.structure.algorithm);
+  fuzzed_properties.value.buffer = fuzzed_data.ConsumeRemainingBytes<uint8_t>();
+  fuzzed_properties.value.signature.assign(inputs[1].data,
+                                           inputs[1].data + inputs[1].size);
+  fuzzed_properties.has_value = true;
+  return fuzzed_properties;
+}
 
-  size_t in_buffer_size = size - sizeof(fuzzed_structure);
-  if (in_buffer_size == 0) {
-    return 0;
-  }
-  // Copy clear buffer from input data.
-  vector<uint8_t> in_buffer(in_buffer_size);
-  memcpy(in_buffer.data(), data + sizeof(fuzzed_structure), in_buffer_size);
-
-  OEMCryptoLicenseAPIFuzz license_api_fuzz;
-  Session* session = license_api_fuzz.session();
-  // Load license and call generic_verify API.
+extern "C" int LLVMFuzzerInitialize(int* argc, char*** argv) {
+  RedirectStdoutToFile();
   license_api_fuzz.LoadLicense();
-  OEMCrypto_SelectKey(session->session_id(), session->license().keys[0].key_id,
-                      session->license().keys[0].key_id_length,
-                      OEMCrypto_CipherMode_CENC);
-  // Calculate signature for in buffer.
-  size_t signature_length = 0;
-  OEMCrypto_Generic_Sign(session->session_id(), in_buffer.data(),
-                         in_buffer.size(), fuzzed_structure.algorithm, nullptr,
-                         &signature_length);
-  vector<uint8_t> signature(signature_length);
-  OEMCrypto_Generic_Sign(session->session_id(), in_buffer.data(),
-                         in_buffer.size(), fuzzed_structure.algorithm,
-                         signature.data(), &signature_length);
-
-  OEMCrypto_SelectKey(session->session_id(), session->license().keys[0].key_id,
-                      session->license().keys[0].key_id_length,
-                      fuzzed_structure.cipher_mode);
-  signature_length =
-      std::min(MAX_FUZZ_SIGNATURE_LENGTH, fuzzed_structure.signature_length);
-  signature.resize(signature_length);
-  OEMCrypto_Generic_Verify(session->session_id(), in_buffer.data(),
-                           in_buffer.size(), fuzzed_structure.algorithm,
-                           signature.data(), signature_length);
   return 0;
 }
+
+extern "C" size_t LLVMFuzzerCustomMutator(uint8_t* data, size_t size,
+                                          size_t max_size, unsigned int seed) {
+  // Deserialize fuzzed data.
+  OptionalFuzzedProperties fuzzed_properties =
+      DeserializeFuzzedData(data, size);
+  if (!fuzzed_properties.has_value) {
+    return 0;
+  }
+
+  // Select key and perform verification.
+  Session* const session = license_api_fuzz.session();
+  vector<uint8_t> key_handle;
+  GetKeyHandleIntoVector(
+      session->session_id(), session->license().keys[0].key_id,
+      session->license().keys[0].key_id_length,
+      fuzzed_properties.value.structure.cipher_mode, key_handle);
+  if (OEMCrypto_Generic_Verify(key_handle.data(), key_handle.size(),
+                               fuzzed_properties.value.buffer.data(),
+                               fuzzed_properties.value.buffer.size(),
+                               fuzzed_properties.value.structure.algorithm,
+                               fuzzed_properties.value.signature.data(),
+                               fuzzed_properties.value.signature.size()) !=
+      OEMCrypto_SUCCESS) {
+    // Generate a new signature.
+    size_t signature_length = 0;
+    OEMCrypto_Generic_Sign(key_handle.data(), key_handle.size(),
+                           fuzzed_properties.value.buffer.data(),
+                           fuzzed_properties.value.buffer.size(),
+                           fuzzed_properties.value.structure.algorithm, nullptr,
+                           &signature_length);
+    fuzzed_properties.value.signature.resize(signature_length);
+    OEMCrypto_Generic_Sign(key_handle.data(), key_handle.size(),
+                           fuzzed_properties.value.buffer.data(),
+                           fuzzed_properties.value.buffer.size(),
+                           fuzzed_properties.value.structure.algorithm,
+                           fuzzed_properties.value.signature.data(),
+                           &signature_length);
+    const size_t signature_offset = sizeof(fuzzed_properties.value.structure) +
+                                    fuzzed_properties.value.buffer.size();
+    size = signature_offset + signature_length;
+    if (size > max_size) {
+      return 0;
+    }
+    memcpy(data + signature_offset, fuzzed_properties.value.signature.data(),
+           signature_length);
+  }
+  return LLVMFuzzerMutate(data, size, max_size);
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  // Deserialize fuzzed data.
+  const OptionalFuzzedProperties fuzzed_properties =
+      DeserializeFuzzedData(data, size);
+  if (!fuzzed_properties.has_value) {
+    return 0;
+  }
+
+  // Select key and perform verification.
+  Session* const session = license_api_fuzz.session();
+  vector<uint8_t> key_handle;
+  GetKeyHandleIntoVector(
+      session->session_id(), session->license().keys[0].key_id,
+      session->license().keys[0].key_id_length,
+      fuzzed_properties.value.structure.cipher_mode, key_handle);
+  OEMCrypto_Generic_Verify(key_handle.data(), key_handle.size(),
+                           fuzzed_properties.value.buffer.data(),
+                           fuzzed_properties.value.buffer.size(),
+                           fuzzed_properties.value.structure.algorithm,
+                           fuzzed_properties.value.signature.data(),
+                           fuzzed_properties.value.signature.size());
+  return 0;
+}
+
 }  // namespace wvoec