Replace entitled key session fuzzer

Enable multiple OEMCrypto calls in arbitrary order, multiple OEMCrypto sessions, and OEMCrypto_ReassociateEntitledKeySession fuzzing. Merged from https://widevine-internal-review.googlesource.com/174990 Merged from https://widevine-internal-review.googlesource.com/178330 Change-Id: Ic1ac754c74bf0299c8c9f04ffdbfe82cf9f7569d
2023-05-11 18:01:48 +00:00
parent 79c809840e
commit 9a24732f5b
2 changed files with 136 additions and 32 deletions
--- a/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_create_and_remove_entitled_key_session_fuzz.cc
+++ b/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_create_and_remove_entitled_key_session_fuzz.cc
@@ -1,32 +0,0 @@
 // Copyright 2022 Google LLC. All Rights Reserved. This file and proprietary
 // source code may only be used and distributed under the Widevine
 // License Agreement.
 #include "FuzzedDataProvider.h"
 #include "OEMCryptoCENC.h"
 #include "oemcrypto_fuzz_helper.h"
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  wvoec::RedirectStdoutToFile();
  wvoec::SessionFuzz session_fuzz;
  session_fuzz.Initialize();
  FuzzedDataProvider fuzzed_data(data, size);
  uint32_t key_session;
  uint32_t* const key_session_ptr =
      fuzzed_data.ConsumeBool() ? &key_session : nullptr;
  OEMCrypto_CreateEntitledKeySession(session_fuzz.session().session_id(),
                                     key_session_ptr);
  if (key_session_ptr == nullptr || fuzzed_data.ConsumeBool()) {
    key_session = fuzzed_data.ConsumeIntegral<uint32_t>();
  }
  OEMCrypto_RemoveEntitledKeySession(key_session);
  session_fuzz.Terminate();
  return 0;
 }
--- a/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_entitled_key_session_fuzz.cc
+++ b/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_entitled_key_session_fuzz.cc
@@ -0,0 +1,136 @@
 // Copyright 2023 Google LLC. All Rights Reserved. This file and proprietary
 // source code may only be used and distributed under the Widevine
 // License Agreement.
 #include <vector>
 #include "FuzzedDataProvider.h"
 #include "OEMCryptoCENC.h"
 #include "oemcrypto_fuzz_helper.h"
 namespace {
 enum class ApiMethod {
  kOpenSession,
  kCloseSession,
  kCreateEntitledKeySession,
  kReassociateEntitledKeySession,
  kRemoveEntitledKeySession,
  kMaxValue = kRemoveEntitledKeySession,
 };
 struct Session {
  OEMCrypto_SESSION value;
  std::vector<OEMCrypto_SESSION>::const_iterator iterator;
 };
 Session PickSession(FuzzedDataProvider& fuzzed_data,
                    const std::vector<OEMCrypto_SESSION>& sessions) {
  Session session;
  session.iterator =
      sessions.cbegin() +
      fuzzed_data.ConsumeIntegralInRange<size_t>(0, sessions.size());
  if (session.iterator != sessions.cend()) {
    session.value = *session.iterator;
  } else {
    session.value = fuzzed_data.ConsumeIntegral<OEMCrypto_SESSION>();
  }
  return session;
 }
 }  // namespace
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  wvoec::RedirectStdoutToFile();
  wvoec::SessionUtil session_util;
  wvoec::InitializeFuzz(session_util);
  // Contains all open and some closed OEMCrypto sessions.
  std::vector<OEMCrypto_SESSION> oec_sessions;
  // Contains all current and some removed key sessions.
  std::vector<OEMCrypto_SESSION> key_sessions;
  FuzzedDataProvider fuzzed_data(data, size);
  while (fuzzed_data.remaining_bytes() > 0) {
    switch (fuzzed_data.ConsumeEnum<ApiMethod>()) {
      case ApiMethod::kOpenSession: {
        OEMCrypto_SESSION session = 0;
        const OEMCryptoResult result = OEMCrypto_OpenSession(&session);
        if (result == OEMCrypto_SUCCESS) {
          oec_sessions.push_back(session);
        }
        break;
      }
      case ApiMethod::kCloseSession: {
        const Session session = PickSession(fuzzed_data, oec_sessions);
        const OEMCryptoResult result = OEMCrypto_CloseSession(session.value);
        if (result == OEMCrypto_SUCCESS &&
            session.iterator != oec_sessions.cend() &&
            fuzzed_data.ConsumeBool()) {
          oec_sessions.erase(session.iterator);
        }
        break;
      }
      case ApiMethod::kCreateEntitledKeySession: {
        const OEMCrypto_SESSION oec_session =
            PickSession(fuzzed_data, oec_sessions).value;
        OEMCrypto_SESSION key_session_data = 0;
        OEMCrypto_SESSION* const key_session =
            fuzzed_data.ConsumeBool() ? &key_session_data : nullptr;
        const OEMCryptoResult result =
            OEMCrypto_CreateEntitledKeySession(oec_session, key_session);
        if (result == OEMCrypto_SUCCESS) {
          key_sessions.push_back(*key_session);
        }
        break;
      }
      case ApiMethod::kReassociateEntitledKeySession: {
        const OEMCrypto_SESSION key_session =
            PickSession(fuzzed_data, key_sessions).value;
        const OEMCrypto_SESSION oec_session =
            PickSession(fuzzed_data, oec_sessions).value;
        OEMCrypto_ReassociateEntitledKeySession(key_session, oec_session);
        break;
      }
      case ApiMethod::kRemoveEntitledKeySession: {
        const Session key_session = PickSession(fuzzed_data, key_sessions);
        const OEMCryptoResult result =
            OEMCrypto_RemoveEntitledKeySession(key_session.value);
        if (result == OEMCrypto_SUCCESS &&
            key_session.iterator != key_sessions.cend() &&
            fuzzed_data.ConsumeBool()) {
          key_sessions.erase(key_session.iterator);
        }
        break;
      }
    }
  }
  OEMCrypto_Terminate();
  return 0;
 }