Added service_certificate_fuzzer

exec/s: 10 Test: ./service_certificate_fuzzer Bug: 265234582 Change-Id: I7290ec085d44cd7e6c5beeba80d6febd72eda7f7
2023-02-07 17:54:48 +05:30
parent 41a6f51c13
commit aebfcbb789
4 changed files with 565 additions and 1 deletions
--- a/fuzzer/service_certificate_fuzzer.cpp
+++ b/fuzzer/service_certificate_fuzzer.cpp
@@ -0,0 +1,133 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#include "service_certificate.h"
+#include "vendor_widevine_fuzz_helper.h"
+#include "wv_cdm_event_listener.h"
+#include "wv_cdm_types.h"
+#include <crypto_session.h>
+#include <log.h>
+#include <memory>
+#include <utils/Log.h>
+
+using namespace wvcdm;
+using namespace video_widevine;
+
+static constexpr int32_t kMaxNum = 3;
+static constexpr int32_t kMinNum = 0;
+static constexpr int32_t kMaxByte = 256;
+
+class ServiceCertificateFuzzer {
+public:
+  ServiceCertificateFuzzer(const uint8_t *data, size_t size)
+      : mFdp(data, size){};
+  void process();
+
+private:
+  FuzzedDataProvider mFdp;
+};
+
+void ServiceCertificateFuzzer::process() {
+  EncryptedClientIdentification encryptedClientId;
+  ClientIdentification clearClientId;
+  ServiceCertificate serviceCertificate;
+  while (mFdp.remaining_bytes()) {
+    auto invokeServiceCertificateAPI =
+        mFdp.PickValueInArray<const std::function<void()>>({
+            [&]() {
+              FuzzCdmClientPropertySet propertySet(&mFdp);
+              propertySet.enable_privacy_mode();
+              propertySet.set_service_certificate(kTestSignedCertificate);
+              PropertiesTestPeer::ForceReinit();
+              PropertiesTestPeer::AddSessionPropertySet(
+                  mFdp.ConsumeBool() ? kTestSessionId1
+                                     : mFdp.ConsumeRandomLengthString(kMaxByte),
+                  &propertySet);
+              std::string rawServiceCertificate;
+              PropertiesTestPeer::GetServiceCertificate(
+                  mFdp.ConsumeBool() ? kTestSessionId1
+                                     : mFdp.ConsumeRandomLengthString(kMaxByte),
+                  &rawServiceCertificate);
+              if (mFdp.ConsumeBool()) {
+                serviceCertificate.Init(mFdp.ConsumeBool()
+                                            ? rawServiceCertificate
+                                            : kTestSignedCertificate);
+              } else {
+                serviceCertificate.Init(
+                    mFdp.ConsumeRandomLengthString(kMaxByte));
+              }
+            },
+            [&]() {
+              serviceCertificate.VerifySignedMessage(
+                  mFdp.ConsumeRandomLengthString(kMaxByte) /*message*/,
+                  mFdp.ConsumeRandomLengthString(kMaxByte) /*signature*/);
+            },
+            [&]() {
+              CdmKeyMessage signedCertificate =
+                  mFdp.ConsumeRandomLengthString(kMaxByte);
+              serviceCertificate.ParseResponse(
+                  mFdp.ConsumeRandomLengthString(kMaxByte) /*response*/,
+                  mFdp.ConsumeBool()
+                      ? nullptr
+                      : &signedCertificate /*signed_certificate*/);
+            },
+            [&]() {
+              CdmKeyMessage request;
+              serviceCertificate.GetRequest(mFdp.ConsumeBool() ? nullptr
+                                                               : &request);
+            },
+            [&]() {
+              /**
+               * crypto_session object is not used in EncryptClientId.
+               * Therefore keeping crypto_session as nullptr.
+               */
+              ClientIdentification_ClientCapabilities *clientCapabilities =
+                  clearClientId.mutable_client_capabilities();
+              /**
+               * Default value of clientCapabilities is false.
+               * So passing true to all set methods.
+               */
+              int32_t clientCase =
+                  mFdp.ConsumeIntegralInRange<int32_t>(kMinNum, kMaxNum);
+              switch (clientCase) {
+              case 0:
+                clientCapabilities->set_client_token(true /*Value*/);
+                break;
+              case 1:
+                clientCapabilities->set_session_token(true /*Value*/);
+                break;
+              case 2:
+                clientCapabilities->set_video_resolution_constraints(
+                    true /*Value*/);
+                break;
+              default:
+                break;
+              }
+              serviceCertificate.EncryptClientId(nullptr /*crypto_session*/,
+                                                 &clearClientId,
+                                                 &encryptedClientId);
+            },
+        });
+    invokeServiceCertificateAPI();
+  }
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+  ServiceCertificateFuzzer serviceCertificateFuzzer(data, size);
+  serviceCertificateFuzzer.process();
+  return 0;
+}