Replace entitled key session fuzzer

Enable multiple OEMCrypto calls in arbitrary order, multiple OEMCrypto sessions, and OEMCrypto_ReassociateEntitledKeySession fuzzing. Merged from https://widevine-internal-review.googlesource.com/174990 Merged from https://widevine-internal-review.googlesource.com/178330 Change-Id: Ic1ac754c74bf0299c8c9f04ffdbfe82cf9f7569d
2023-05-11 18:01:48 +00:00
parent 79c809840e
commit 9a24732f5b
2 changed files with 136 additions and 32 deletions
--- a/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_create_and_remove_entitled_key_session_fuzz.cc
+++ b/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_create_and_remove_entitled_key_session_fuzz.cc
@@ -1,32 +0,0 @@
-// Copyright 2022 Google LLC. All Rights Reserved. This file and proprietary
-// source code may only be used and distributed under the Widevine
-// License Agreement.
-
-#include "FuzzedDataProvider.h"
-#include "OEMCryptoCENC.h"
-#include "oemcrypto_fuzz_helper.h"
-
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
-  wvoec::RedirectStdoutToFile();
-
-  wvoec::SessionFuzz session_fuzz;
-  session_fuzz.Initialize();
-
-  FuzzedDataProvider fuzzed_data(data, size);
-
-  uint32_t key_session;
-  uint32_t* const key_session_ptr =
-      fuzzed_data.ConsumeBool() ? &key_session : nullptr;
-
-  OEMCrypto_CreateEntitledKeySession(session_fuzz.session().session_id(),
-                                     key_session_ptr);
-
-  if (key_session_ptr == nullptr || fuzzed_data.ConsumeBool()) {
-    key_session = fuzzed_data.ConsumeIntegral<uint32_t>();
-  }
-
-  OEMCrypto_RemoveEntitledKeySession(key_session);
-
-  session_fuzz.Terminate();
-  return 0;
-}
--- a/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_entitled_key_session_fuzz.cc
+++ b/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_entitled_key_session_fuzz.cc
@@ -0,0 +1,136 @@
+// Copyright 2023 Google LLC. All Rights Reserved. This file and proprietary
+// source code may only be used and distributed under the Widevine
+// License Agreement.
+
+#include <vector>
+
+#include "FuzzedDataProvider.h"
+#include "OEMCryptoCENC.h"
+#include "oemcrypto_fuzz_helper.h"
+
+namespace {
+
+enum class ApiMethod {
+  kOpenSession,
+  kCloseSession,
+  kCreateEntitledKeySession,
+  kReassociateEntitledKeySession,
+  kRemoveEntitledKeySession,
+  kMaxValue = kRemoveEntitledKeySession,
+};
+
+struct Session {
+  OEMCrypto_SESSION value;
+  std::vector<OEMCrypto_SESSION>::const_iterator iterator;
+};
+
+Session PickSession(FuzzedDataProvider& fuzzed_data,
+                    const std::vector<OEMCrypto_SESSION>& sessions) {
+  Session session;
+
+  session.iterator =
+      sessions.cbegin() +
+      fuzzed_data.ConsumeIntegralInRange<size_t>(0, sessions.size());
+
+  if (session.iterator != sessions.cend()) {
+    session.value = *session.iterator;
+  } else {
+    session.value = fuzzed_data.ConsumeIntegral<OEMCrypto_SESSION>();
+  }
+
+  return session;
+}
+
+}  // namespace
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  wvoec::RedirectStdoutToFile();
+
+  wvoec::SessionUtil session_util;
+  wvoec::InitializeFuzz(session_util);
+
+  // Contains all open and some closed OEMCrypto sessions.
+  std::vector<OEMCrypto_SESSION> oec_sessions;
+
+  // Contains all current and some removed key sessions.
+  std::vector<OEMCrypto_SESSION> key_sessions;
+
+  FuzzedDataProvider fuzzed_data(data, size);
+
+  while (fuzzed_data.remaining_bytes() > 0) {
+    switch (fuzzed_data.ConsumeEnum<ApiMethod>()) {
+      case ApiMethod::kOpenSession: {
+        OEMCrypto_SESSION session = 0;
+        const OEMCryptoResult result = OEMCrypto_OpenSession(&session);
+
+        if (result == OEMCrypto_SUCCESS) {
+          oec_sessions.push_back(session);
+        }
+
+        break;
+      }
+
+      case ApiMethod::kCloseSession: {
+        const Session session = PickSession(fuzzed_data, oec_sessions);
+
+        const OEMCryptoResult result = OEMCrypto_CloseSession(session.value);
+
+        if (result == OEMCrypto_SUCCESS &&
+            session.iterator != oec_sessions.cend() &&
+            fuzzed_data.ConsumeBool()) {
+          oec_sessions.erase(session.iterator);
+        }
+
+        break;
+      }
+
+      case ApiMethod::kCreateEntitledKeySession: {
+        const OEMCrypto_SESSION oec_session =
+            PickSession(fuzzed_data, oec_sessions).value;
+
+        OEMCrypto_SESSION key_session_data = 0;
+        OEMCrypto_SESSION* const key_session =
+            fuzzed_data.ConsumeBool() ? &key_session_data : nullptr;
+
+        const OEMCryptoResult result =
+            OEMCrypto_CreateEntitledKeySession(oec_session, key_session);
+
+        if (result == OEMCrypto_SUCCESS) {
+          key_sessions.push_back(*key_session);
+        }
+
+        break;
+      }
+
+      case ApiMethod::kReassociateEntitledKeySession: {
+        const OEMCrypto_SESSION key_session =
+            PickSession(fuzzed_data, key_sessions).value;
+
+        const OEMCrypto_SESSION oec_session =
+            PickSession(fuzzed_data, oec_sessions).value;
+
+        OEMCrypto_ReassociateEntitledKeySession(key_session, oec_session);
+
+        break;
+      }
+
+      case ApiMethod::kRemoveEntitledKeySession: {
+        const Session key_session = PickSession(fuzzed_data, key_sessions);
+
+        const OEMCryptoResult result =
+            OEMCrypto_RemoveEntitledKeySession(key_session.value);
+
+        if (result == OEMCrypto_SUCCESS &&
+            key_session.iterator != key_sessions.cend() &&
+            fuzzed_data.ConsumeBool()) {
+          key_sessions.erase(key_session.iterator);
+        }
+
+        break;
+      }
+    }
+  }
+
+  OEMCrypto_Terminate();
+  return 0;
+}