Fix bugs impacting fuzzing coverage

- Update ConvertDataToValidEnum to not use FuzzedDataProvider since it causes unexpected parsing results. - Add OEMCryptoLicenseAPIFuzz::LoadLicenseWithGenericCryptoKeys so that generic crypto fuzz tests can load appropriate keys. - Remove custom mutator from oemcrypto_generic_verify_fuzz because it provides minimal additional coverage. - Refresh affected corpus files. Merged from https://widevine-internal-review.googlesource.com/168557 Merged from https://widevine-internal-review.googlesource.com/171191 Merged from https://widevine-internal-review.googlesource.com/172170 Merged from https://widevine-internal-review.googlesource.com/172250 Change-Id: Ie676a36cbf4c12bdda9566fad3590a7b69168d9c
2023-03-21 01:45:50 +00:00
parent 55ef762c08
commit 57b391c8b9
300 changed files with 81 additions and 139 deletions
--- a/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_generic_decrypt_fuzz.cc
+++ b/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_generic_decrypt_fuzz.cc
@@ -20,7 +20,7 @@ wvoec::OEMCryptoLicenseAPIFuzz& license_api_fuzz =
 extern "C" int LLVMFuzzerInitialize(int* argc, char*** argv) {
  wvoec::RedirectStdoutToFile();
  license_api_fuzz.Initialize();
-  license_api_fuzz.LoadLicense();
+  license_api_fuzz.LoadLicenseWithGenericCryptoKeys();
  return 0;
 }

@@ -40,22 +40,25 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  FuzzedDataProvider fuzzed_data(inputs[0].data, inputs[0].size);
  fuzzed_data.ConsumeData(&fuzzed_structure, sizeof(fuzzed_structure));
  wvoec::ConvertDataToValidEnum(OEMCrypto_CipherMode_MaxValue,
-                                &fuzzed_structure.cipher_mode);
+                                fuzzed_structure.cipher_mode);
  wvoec::ConvertDataToValidEnum(OEMCrypto_Algorithm_MaxValue,
-                                &fuzzed_structure.algorithm);
+                                fuzzed_structure.algorithm);
  // Copy iv from input data.
-  const std::vector<uint8_t> iv = fuzzed_data.ConsumeRemainingBytes<uint8_t>();
+  constexpr size_t iv_length = 16;
+  const std::vector<uint8_t> iv = fuzzed_data.ConsumeBytes<uint8_t>(
+      fuzzed_data.remaining_bytes() < iv_length ? 0 : iv_length);

  // Initialize encrypted and clear buffers.
  const std::vector<uint8_t> encrypted_buffer(inputs[1].data,
                                              inputs[1].data + inputs[1].size);
  std::vector<uint8_t> clear_buffer(encrypted_buffer.size());

+  // Select key and decrypt.
  wvoec::Session& session = license_api_fuzz.session();
  std::vector<uint8_t> key_handle;
  wvoec::GetKeyHandleIntoVector(session.session_id(),
-                                session.license().keys[0].key_id,
-                                session.license().keys[0].key_id_length,
+                                session.license().keys[1].key_id,
+                                session.license().keys[1].key_id_length,
                                fuzzed_structure.cipher_mode, key_handle);
  OEMCrypto_Generic_Decrypt(key_handle.data(), key_handle.size(),
                            encrypted_buffer.data(), encrypted_buffer.size(),