diff --git a/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h b/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h index 0d1bba3b..628eecbd 100644 --- a/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h +++ b/libwvdrmengine/oemcrypto/include/OEMCryptoCENC.h @@ -379,6 +379,7 @@ typedef struct { typedef enum OEMCrypto_Algorithm { OEMCrypto_AES_CBC_128_NO_PADDING = 0, OEMCrypto_HMAC_SHA256 = 1, + OEMCrypto_Algorithm_MaxValue = 1, } OEMCrypto_Algorithm; /// @} diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/README.md b/libwvdrmengine/oemcrypto/test/fuzz_tests/README.md index 8c163fb1..d7413bd3 100644 --- a/libwvdrmengine/oemcrypto/test/fuzz_tests/README.md +++ b/libwvdrmengine/oemcrypto/test/fuzz_tests/README.md @@ -1,5 +1,9 @@ # OEMCRYPTO Fuzzing +Refer to [Setting up Clusterfuzz](build_clusterfuzz.md) if you are interested +in setting up a local instance of cluster fuzz to run fuzzing on your own +OEMCrypto implementations on linux. + ## Objective * Run fuzzing on OEMCrypto public APIs on linux using google supported @@ -76,13 +80,31 @@ $ export PATH_TO_CDM_DIR=.. $ gyp --format=ninja --depth=$(pwd) oemcrypto/oemcrypto_unittests.gyp $ ninja -C out/Default/ - $ ./out/Default/oemcrypto_unittests --generate_corpus + $ mkdir oemcrypto/test/fuzz_tests/corpus/_seed_corpus + # Generate corpus by excluding buffer overflow tests. + $ ./out/Default/oemcrypto_unittests --generate_corpus \ + --gtest_filter=-"*Huge*" + ``` + +* There can be lot of duplicate corpus files that are generated from unit + tests. We can minimize the corpus files to only a subset of files that + cover unique paths within the API when run using fuzzer. Run following + command to minimize corpus. + + ```shell + $ cd /path/to/cdm/repo + # build fuzzer binaries + $ ./oemcrypto/test/fuzz_tests/build_oemcrypto_fuzztests + $ mkdir /tmp/minimized_corpus + # minimize corpus + $ ./out/Default/ -merge=1 /tmp/minimized_corpus \ + ``` -* To avoid uploading huge binary files to git repository, the corpus files - will be saved in fuzzername_seed_corpus.zip format in blockbuster project's - oemcrypto_fuzzing_corpus GCS bucket using gsutil. If you need permissions - for blockbuster project, contact widevine-engprod@google.com. +* To avoid uploading huge binary files to git repository, the minimized corpus + files will be saved in fuzzername_seed_corpus.zip format in blockbuster + project's oemcrypto_fuzzing_corpus GCS bucket using gsutil. If you need + permissions for blockbuster project, contact widevine-engprod@google.com. ```shell $ gsutil cp gs://oemcrypto_fuzzing_corpus/ \ @@ -106,7 +128,7 @@ * Build and test fuzz scripts locally using following commands. The build script builds fuzz binaries for both oemcrypto reference implementation - as well as odkitee implementation. + as well as opk implementation. ```shell $ cd PATH_TO_CDM_DIR diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/build_clusterfuzz.md b/libwvdrmengine/oemcrypto/test/fuzz_tests/build_clusterfuzz.md new file mode 100644 index 00000000..f3a0108b --- /dev/null +++ b/libwvdrmengine/oemcrypto/test/fuzz_tests/build_clusterfuzz.md @@ -0,0 +1,174 @@ +# OEMCRYPTO Fuzzing - Build clustefuzz and run fuzzing + +## Objective + +* Run fuzzing on OEMCrypto public APIs on linux by building open sourced + clusterfuzz source code in order to find security vulnerabilities. + + [Clusterfuzz][1] + +* Partners who implement OEMCrypto can follow these instructions to build + clusterfuzz, the fuzzing framework and run fuzzing using fuzzer scripts + provided by the Widevine team at Google. + +## Glossary + +* Fuzzing - Fuzzing is a methodology where random, interesting, unexpected + inputs are fed to APIs in order to crash those, thereby catching any + security vulnerabilities with the code. + +* Fuzzing engines - [libfuzzer][4], afl, honggfuzz are the actual fuzzing + engines that get the coverage information from API, use that to generate + more interesting inputs which can be passed to fuzzer. + +* Seed corpus - Fuzzing engine trying to generate interesting inputs from an + empty file is not efficient. Seed corpus is the initial input that a fuzzer + can accept and call the API with that. Fuzzing engine can then mutate this + seed corpus to generate more inputs to fuzzer. + +* Clusterfuzz - ClusterFuzz is a scalable fuzzing infrastructure that finds + security and stability issues in software. Google uses ClusterFuzz to fuzz + all Google products. Clusterfuzz provides us with the capability, tools to + upload fuzz binaries and make use of the fuzzing engines to run fuzzing, + find crashes and organizes the information. Clusterfuzz framework is open + sourced, the source code can be downloaded and framework can be built + locally or by using google cloud. + +* Fuzzing output - Fuzzing is used to pass random inputs to API in order to + ensure that API is crash resistant. We are not testing functionality via + fuzzing. Fuzz scripts run continuously until they find a crash with the API + under test. + +## Building fuzz scripts + +This section outlines the steps to build fuzz binaries that can be run +continuously using clusterfuzz. + +> **Note:** All the directories mentioned below are relative to cdm repository +> root directory. + +1. Fuzz scripts for OEMCrypto APIs are provided by the Widevine team at Google + located under `oemcrypto/test/fuzz_tests` directory. + +> **Note:** Prerequisites to run the following step are [here][10]. We also need +> to install ninja. + +2. Build a static library of your OEMCrypto implementation. + * Compile and link your OEMCrypto implementation source with + `-fsanitize=address,fuzzer` flag as per these [instructions][9] when + building a static library. + + * Run `./oemcrypto/test/fuzz_tests/build_partner_oemcrypto_fuzztests + ` script from cdm repository root + directory. + + * This will generate fuzz binaries under the `out/Default` directory. + + + +> **Note:** Alternatively, you can use your own build systems, for which you +> will need to define your own build files with the OEMCrypto fuzz source files +> included. You can find the the fuzz source files in +> `oemcrypto/test/fuzz_tests/partner_oemcrypto_fuzztests.gyp` and +> `oemcrypto/test/fuzz_tests/partner_oemcrypto_fuzztests.gypi`. + +3. Seed corpus for each fuzz script can be found under + `oemcrypto/test/fuzz_tests/corpus` directory. Some fuzzers are simple and do + not have seed corpus associated with them. + +4. Create a zip file `oemcrypto_fuzzers_yyyymmddhhmmss.zip` with fuzz binaries + and respective seed corpus zip files. Structure of a sample zip file with + fuzzer binaries and seed corpus would look like following: + + ``` + * fuzzerA + * fuzzerA_seed_corpus.zip + * fuzzerB + * fuzzerB_seed_corpus.zip + * fuzzerC (fuzzerC doesn't have seed corpus associated with it) + ``` + +## Building clusterfuzz + +* OEMCrypto implementation can be fuzzed by building clusterfuzz code which is + open sourced and using it to run fuzzing. Use a Linux VM to build + clusterfuzz. + +> **Note:** You may see some issues with python modules missing, please install +> those modules if you see errors. If you have multiple versions of python on +> the VM, then use `python -m pipenv shell` when you are at [this][3] +> step. + +* Follow these [instructions][2] in order to download clusterfuzz repository, + build it locally or create a continuous fuzz infrastructure setup using + google cloud. + +## Running fuzzers on local clusterfuzz instance + +* If you prefer to run fuzzing on a local machine instead of having a + production setup using google cloud, then follow these [instructions][6] to + add a job to the local clusterfuzz instance. + +> **Note:** Job name should have a fuzzing engine and sanitizer as part of it. A +> libfuzzer and asan jobs should have libfuzzer_asan in the job name. + +* Create a job e:g:`libfuzzer_asan_oemcrypto` and upload previously created + `oemcrypto_fuzzers_yyyymmddhhmmss.zip` as a custom build. Future uploads of + zip file should have a name greater than current name. Following the above + naming standard will ensure zip file names are always in ascending order. + +* Once the job is added and clusterfuzz bot is running, fuzzing should be up + and running. Results can be monitored as mentioned [here][6]. + +* On a local clusterfuzz instance, only one fuzzer is being fuzzed at a time. + +> **Note:** Fuzzing is time consuming. Finding issues as well as clusterfuzz +> regressing and fixing the issues can take time. We need fuzzing to run at +> least for a couple of weeks to have good coverage. + +## Finding fuzz crashes + +Once the clusterfuzz finds an issue, it logs crash information such as the +build, test case and stack trace for the crash. + +* Test cases tab should show the fuzz crash and test case that caused the + crash. Run `./fuzz_binary ` in order to debug the crash locally. + +More information about different types of logs is as below: + +* [Bot logs][7] will show information related to fuzzing, number of crashes + that a particular fuzzer finds, number of new crashes, number of known + crashes etc. + +* [Local GCS][8] in your clusterfuzz checkout folder will store the fuzz + binaries that are being fuzzed, seed corpus etc. + +* `local_gcs/test-fuzz-logs-bucket` will store information related to fuzz + crashes if any were found by the fuzzing engine. It will store crash + information categorized by fuzzer and by each day. It will also store test + case that caused the crash. + +* `/path/to/my-bot/clusterfuzz/log.txt` will have any log information from + fuzzer script and OEMCrypto implementation. + +## Fixing issues + +* Once you are able to debug using the crash test case, apply fix to the + implementation, create `oemcrypto_fuzzers_yyyymmddhhmmss.zip` with latest + fuzz binaries. + +* Upload the latest fuzz binary to the fuzz job that was created earlier. + Fuzzer will recognize the fix and mark the crash as fixed in test cases tab + once the regression finishes. You do not need to update crashes as fixed, + clusterfuzz will do that. + +[1]: https://google.github.io/clusterfuzz/ +[2]: https://google.github.io/clusterfuzz/getting-started/ +[3]: https://google.github.io/clusterfuzz/getting-started/prerequisites/#loading-pipenv +[4]: https://llvm.org/docs/LibFuzzer.html +[5]: https://google.github.io/clusterfuzz/setting-up-fuzzing/libfuzzer-and-afl/ +[6]: https://google.github.io/clusterfuzz/setting-up-fuzzing/libfuzzer-and-afl/#checking-results +[7]: https://google.github.io/clusterfuzz/getting-started/local-instance/#viewing-logs +[8]: https://google.github.io/clusterfuzz/getting-started/local-instance/#local-google-cloud-storage +[9]: https://google.github.io/clusterfuzz/setting-up-fuzzing/libfuzzer-and-afl/#libfuzzer +[10]: https://google.github.io/clusterfuzz/setting-up-fuzzing/libfuzzer-and-afl/#prerequisites diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/build_oemcrypto_fuzztests b/libwvdrmengine/oemcrypto/test/fuzz_tests/build_oemcrypto_fuzztests index f30cacd0..41c9b62d 100755 --- a/libwvdrmengine/oemcrypto/test/fuzz_tests/build_oemcrypto_fuzztests +++ b/libwvdrmengine/oemcrypto/test/fuzz_tests/build_oemcrypto_fuzztests @@ -10,10 +10,10 @@ export PYTHONPATH="$PYTHONPATH:$PATH_TO_CDM_DIR/third_party" python3 $PATH_TO_CDM_DIR/third_party/gyp/__init__.py --format=ninja \ --depth=$(pwd) oemcrypto/test/fuzz_tests/oemcrypto_fuzztests.gyp ninja -C out/Default -# oemcrypto_odkitee_fuzztests.gypi has flags to instrument all the gyp targets +# oemcrypto_opk_fuzztests.gypi has flags to instrument all the gyp targets # with fuzzer flags. python3 $PATH_TO_CDM_DIR/third_party/gyp/__init__.py --format=ninja \ --depth=$(pwd) \ - --include=oemcrypto/test/fuzz_tests/oemcrypto_odkitee_fuzztests.gypi \ - oemcrypto/test/fuzz_tests/oemcrypto_odkitee_fuzztests.gyp + --include=oemcrypto/test/fuzz_tests/oemcrypto_opk_fuzztests.gypi \ + oemcrypto/test/fuzz_tests/oemcrypto_opk_fuzztests.gyp ninja -C out/Default \ No newline at end of file diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/build_partner_oemcrypto_fuzztests b/libwvdrmengine/oemcrypto/test/fuzz_tests/build_partner_oemcrypto_fuzztests new file mode 100755 index 00000000..b320a8fc --- /dev/null +++ b/libwvdrmengine/oemcrypto/test/fuzz_tests/build_partner_oemcrypto_fuzztests @@ -0,0 +1,15 @@ +#!/bin/bash +set -ex + +# For use by partners to generate fuzz binaries for their OEMCrypto +# implementation on linux. + +export CXX=clang++ +export CC=clang +export GYP_DEFINES="$GYP_DEFINES clang=1 oemcrypto_static_library=$1" +export PATH_TO_CDM_DIR=. +export PYTHONPATH="$PYTHONPATH:$PATH_TO_CDM_DIR/third_party" + +python3 $PATH_TO_CDM_DIR/third_party/gyp/__init__.py --format=ninja \ + --depth=$(pwd) oemcrypto/test/fuzz_tests/partner_oemcrypto_fuzztests.gyp +ninja -C out/Default \ No newline at end of file diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_copy_buffer_fuzz_seed_corpus/1970fbbb5d20902996167f3309fbd38a6850b147 b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_copy_buffer_fuzz_seed_corpus/1970fbbb5d20902996167f3309fbd38a6850b147 new file mode 100644 index 00000000..3c2447f9 Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_copy_buffer_fuzz_seed_corpus/1970fbbb5d20902996167f3309fbd38a6850b147 differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_copy_buffer_fuzz_seed_corpus/5812ad7753622d9177a1b3dd71c6c4a008ff54eb b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_copy_buffer_fuzz_seed_corpus/5812ad7753622d9177a1b3dd71c6c4a008ff54eb new file mode 100644 index 00000000..46c70c78 Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_copy_buffer_fuzz_seed_corpus/5812ad7753622d9177a1b3dd71c6c4a008ff54eb differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/10da8c370429a6a450d5ad0ee563653d18dbfeb8 b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/10da8c370429a6a450d5ad0ee563653d18dbfeb8 new file mode 100644 index 00000000..129e7c5a Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/10da8c370429a6a450d5ad0ee563653d18dbfeb8 differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/1ae600c50a9a0bca685d7b83004fa3135901ded2 b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/1ae600c50a9a0bca685d7b83004fa3135901ded2 new file mode 100644 index 00000000..803d2150 Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/1ae600c50a9a0bca685d7b83004fa3135901ded2 differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/21d16dc13d2b8103c7943a5bd960ebc77dfefde4 b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/21d16dc13d2b8103c7943a5bd960ebc77dfefde4 new file mode 100644 index 00000000..f3c738d5 Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/21d16dc13d2b8103c7943a5bd960ebc77dfefde4 differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/38d4821122ddf0e84dba312f444bfbef5b81cc9d b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/38d4821122ddf0e84dba312f444bfbef5b81cc9d new file mode 100644 index 00000000..deaea68f Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/38d4821122ddf0e84dba312f444bfbef5b81cc9d differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/3cdf5d3cd5937b78d2560970a0ccce14fb0d0230 b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/3cdf5d3cd5937b78d2560970a0ccce14fb0d0230 new file mode 100644 index 00000000..1daaa246 Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/3cdf5d3cd5937b78d2560970a0ccce14fb0d0230 differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/3cf22dc963d6705061004cb0fad32bdebc86ffc9 b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/3cf22dc963d6705061004cb0fad32bdebc86ffc9 new file mode 100644 index 00000000..30e88100 Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/3cf22dc963d6705061004cb0fad32bdebc86ffc9 differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/3d891464eace6f7d3c716830e6051f7e90b90610 b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/3d891464eace6f7d3c716830e6051f7e90b90610 new file mode 100644 index 00000000..66ff92c3 Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/3d891464eace6f7d3c716830e6051f7e90b90610 differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/6f65463040c50e026e252e7544dff41babbc4604 b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/6f65463040c50e026e252e7544dff41babbc4604 new file mode 100644 index 00000000..a7629af7 Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/6f65463040c50e026e252e7544dff41babbc4604 differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/737cd5853708e2d2732e4c54dc944bc54d522406 b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/737cd5853708e2d2732e4c54dc944bc54d522406 new file mode 100644 index 00000000..93bed59a Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/737cd5853708e2d2732e4c54dc944bc54d522406 differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/d775f9b5597e76cbf380ad74fea86c307c224309 b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/d775f9b5597e76cbf380ad74fea86c307c224309 new file mode 100644 index 00000000..e6b86fa1 Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/d775f9b5597e76cbf380ad74fea86c307c224309 differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/e9c4232d40cbc76f71220641ea9f8740bfedd306 b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/e9c4232d40cbc76f71220641ea9f8740bfedd306 new file mode 100644 index 00000000..d586f100 Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/e9c4232d40cbc76f71220641ea9f8740bfedd306 differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/eaf3adf2980f1f1f021aafe465ec04d2bbf5d1ce b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/eaf3adf2980f1f1f021aafe465ec04d2bbf5d1ce new file mode 100644 index 00000000..a7dc6140 Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/eaf3adf2980f1f1f021aafe465ec04d2bbf5d1ce differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/f6c28150e2e1a1390516a09d453d33cb9a1337b4 b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/f6c28150e2e1a1390516a09d453d33cb9a1337b4 new file mode 100644 index 00000000..b9800961 Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_decrypt_cenc_fuzz_seed_corpus/f6c28150e2e1a1390516a09d453d33cb9a1337b4 differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generate_rsa_signature_fuzz_seed_corpus/1315634022 b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generate_rsa_signature_fuzz_seed_corpus/1315634022 new file mode 100644 index 00000000..60e4ed96 Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generate_rsa_signature_fuzz_seed_corpus/1315634022 differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_decrypt_fuzz_seed_corpus/6c6a072aa58399454ee759bac539109a20f7e97f b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_decrypt_fuzz_seed_corpus/6c6a072aa58399454ee759bac539109a20f7e97f new file mode 100644 index 00000000..411b41ca Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_decrypt_fuzz_seed_corpus/6c6a072aa58399454ee759bac539109a20f7e97f differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_decrypt_fuzz_seed_corpus/75ae4c5769c9568d631452df3b3702d876e4863a b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_decrypt_fuzz_seed_corpus/75ae4c5769c9568d631452df3b3702d876e4863a new file mode 100644 index 00000000..dd245f4a Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_decrypt_fuzz_seed_corpus/75ae4c5769c9568d631452df3b3702d876e4863a differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_decrypt_fuzz_seed_corpus/9bdb356ec50807b86c807c09c780267101fd1a0b b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_decrypt_fuzz_seed_corpus/9bdb356ec50807b86c807c09c780267101fd1a0b new file mode 100644 index 00000000..ff53f68f Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_decrypt_fuzz_seed_corpus/9bdb356ec50807b86c807c09c780267101fd1a0b differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_encrypt_fuzz_seed_corpus/4114e243c6726f2d6dd11baefc4ad43fbd2b3595 b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_encrypt_fuzz_seed_corpus/4114e243c6726f2d6dd11baefc4ad43fbd2b3595 new file mode 100644 index 00000000..d42496e1 Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_encrypt_fuzz_seed_corpus/4114e243c6726f2d6dd11baefc4ad43fbd2b3595 differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_encrypt_fuzz_seed_corpus/424ad879ed92e646707f53a2cd963910ffbb5c08 b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_encrypt_fuzz_seed_corpus/424ad879ed92e646707f53a2cd963910ffbb5c08 new file mode 100644 index 00000000..747df46b Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_encrypt_fuzz_seed_corpus/424ad879ed92e646707f53a2cd963910ffbb5c08 differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_sign_fuzz_seed_corpus/f5d513d7333b92263ad849759db52a0cb4f383cd b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_sign_fuzz_seed_corpus/f5d513d7333b92263ad849759db52a0cb4f383cd new file mode 100644 index 00000000..4eb47bcc Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_sign_fuzz_seed_corpus/f5d513d7333b92263ad849759db52a0cb4f383cd differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_verify_fuzz_seed_corpus/374d2a1ab0be81451653b26a0ff99c2f20351700 b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_verify_fuzz_seed_corpus/374d2a1ab0be81451653b26a0ff99c2f20351700 new file mode 100644 index 00000000..561fce23 Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_verify_fuzz_seed_corpus/374d2a1ab0be81451653b26a0ff99c2f20351700 differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_verify_fuzz_seed_corpus/7a883f7628e57eb5fe48d660fed48ac5da2f5d21 b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_verify_fuzz_seed_corpus/7a883f7628e57eb5fe48d660fed48ac5da2f5d21 new file mode 100644 index 00000000..2f041f70 Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_verify_fuzz_seed_corpus/7a883f7628e57eb5fe48d660fed48ac5da2f5d21 differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_verify_fuzz_seed_corpus/a591b11c7ff1f45e8edb1a055a3255edb247576d b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_verify_fuzz_seed_corpus/a591b11c7ff1f45e8edb1a055a3255edb247576d new file mode 100644 index 00000000..f5dc76e4 Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_verify_fuzz_seed_corpus/a591b11c7ff1f45e8edb1a055a3255edb247576d differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_verify_fuzz_seed_corpus/c182ac7556d1cd1ed73da74882dee807381f3ee0 b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_verify_fuzz_seed_corpus/c182ac7556d1cd1ed73da74882dee807381f3ee0 new file mode 100644 index 00000000..7a2af725 Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_generic_verify_fuzz_seed_corpus/c182ac7556d1cd1ed73da74882dee807381f3ee0 differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_license_request_fuzz_seed_corpus/3f58051d431ac575d0b804b2d512e46d7e8b4cda b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_license_request_fuzz_seed_corpus/3f58051d431ac575d0b804b2d512e46d7e8b4cda new file mode 100644 index 00000000..40d44367 Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_license_request_fuzz_seed_corpus/3f58051d431ac575d0b804b2d512e46d7e8b4cda differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_license_request_fuzz_seed_corpus/4e2fef7ad945773dd77eb37d7d08dd2368ad4b89 b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_license_request_fuzz_seed_corpus/4e2fef7ad945773dd77eb37d7d08dd2368ad4b89 new file mode 100644 index 00000000..57fbaf09 Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_license_request_fuzz_seed_corpus/4e2fef7ad945773dd77eb37d7d08dd2368ad4b89 differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_entitled_content_keys_fuzz_seed_corpus/6f8b954fb7f8be2c3632f931aaf55e3d1a6c58d8 b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_entitled_content_keys_fuzz_seed_corpus/6f8b954fb7f8be2c3632f931aaf55e3d1a6c58d8 new file mode 100644 index 00000000..baf0a05c Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_entitled_content_keys_fuzz_seed_corpus/6f8b954fb7f8be2c3632f931aaf55e3d1a6c58d8 differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_entitled_content_keys_fuzz_seed_corpus/7997b5673d5a9402b2f8acc43f92cdf6ad1f913d b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_entitled_content_keys_fuzz_seed_corpus/7997b5673d5a9402b2f8acc43f92cdf6ad1f913d new file mode 100644 index 00000000..4e600526 Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_entitled_content_keys_fuzz_seed_corpus/7997b5673d5a9402b2f8acc43f92cdf6ad1f913d differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_entitled_content_keys_fuzz_seed_corpus/8196b2365ca56224853dfeeddde216b4f467f0dd b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_entitled_content_keys_fuzz_seed_corpus/8196b2365ca56224853dfeeddde216b4f467f0dd new file mode 100644 index 00000000..639ab6a0 Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_entitled_content_keys_fuzz_seed_corpus/8196b2365ca56224853dfeeddde216b4f467f0dd differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_entitled_content_keys_fuzz_seed_corpus/81ac6d013d80da7f67fe6fbb5e8c15a35a0d8134 b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_entitled_content_keys_fuzz_seed_corpus/81ac6d013d80da7f67fe6fbb5e8c15a35a0d8134 new file mode 100644 index 00000000..16a14bc7 Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_entitled_content_keys_fuzz_seed_corpus/81ac6d013d80da7f67fe6fbb5e8c15a35a0d8134 differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/0567e5f52c00fed0ad7858164434b02d8e629064 b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/0567e5f52c00fed0ad7858164434b02d8e629064 new file mode 100644 index 00000000..08541f45 Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/0567e5f52c00fed0ad7858164434b02d8e629064 differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/0f5cc252aaf43eaa1570ca07d174a0f96333c592 b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/0f5cc252aaf43eaa1570ca07d174a0f96333c592 new file mode 100644 index 00000000..6f71c2eb Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/0f5cc252aaf43eaa1570ca07d174a0f96333c592 differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/0fdcae4df7bc325099fb4b3b01a1c9290229f86c b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/0fdcae4df7bc325099fb4b3b01a1c9290229f86c new file mode 100644 index 00000000..6f61946d Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/0fdcae4df7bc325099fb4b3b01a1c9290229f86c differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/134a0d85fbcbe367e66d69127114bece71add806 b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/134a0d85fbcbe367e66d69127114bece71add806 new file mode 100644 index 00000000..70ed9c59 Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/134a0d85fbcbe367e66d69127114bece71add806 differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/1ee4b9ce1a4acc41e912487383ad77f3ccaa97fb b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/1ee4b9ce1a4acc41e912487383ad77f3ccaa97fb new file mode 100644 index 00000000..cab8c502 Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/1ee4b9ce1a4acc41e912487383ad77f3ccaa97fb differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/2d7246bd48ed8b68599445c98bb822c87f86acd1 b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/2d7246bd48ed8b68599445c98bb822c87f86acd1 new file mode 100644 index 00000000..0aded9db Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/2d7246bd48ed8b68599445c98bb822c87f86acd1 differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/2f64b8ffa25844924fe24678067feee9be80f4ec b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/2f64b8ffa25844924fe24678067feee9be80f4ec new file mode 100644 index 00000000..7aac2f96 Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/2f64b8ffa25844924fe24678067feee9be80f4ec differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/3acf30d485a4370ceb8e64785094a50b768e1ca4 b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/3acf30d485a4370ceb8e64785094a50b768e1ca4 new file mode 100644 index 00000000..57edbd78 Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/3acf30d485a4370ceb8e64785094a50b768e1ca4 differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/461c08228ae6a0eaa191d24eea1823b46f4a9d67 b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/461c08228ae6a0eaa191d24eea1823b46f4a9d67 new file mode 100644 index 00000000..591c0e9d Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/461c08228ae6a0eaa191d24eea1823b46f4a9d67 differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/4b69b92f45febc4dbf5b8fb9a216a290ba51d478 b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/4b69b92f45febc4dbf5b8fb9a216a290ba51d478 new file mode 100644 index 00000000..0a09fb4f Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/4b69b92f45febc4dbf5b8fb9a216a290ba51d478 differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/5db53de009652f61b1ed21ee988d0156ce287033 b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/5db53de009652f61b1ed21ee988d0156ce287033 new file mode 100644 index 00000000..dc80cb88 Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/5db53de009652f61b1ed21ee988d0156ce287033 differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/618cdf5927b2b092d9d7b5e93c30af8708270f11 b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/618cdf5927b2b092d9d7b5e93c30af8708270f11 new file mode 100644 index 00000000..dc58149e Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/618cdf5927b2b092d9d7b5e93c30af8708270f11 differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/78e527f05b03c2ecd8a0ffc2baeb5dab57088934 b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/78e527f05b03c2ecd8a0ffc2baeb5dab57088934 new file mode 100644 index 00000000..bd4f8760 Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/78e527f05b03c2ecd8a0ffc2baeb5dab57088934 differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/7dcdad1c2df1656678947b2009a9fcea44f4025d b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/7dcdad1c2df1656678947b2009a9fcea44f4025d new file mode 100644 index 00000000..e3202611 Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/7dcdad1c2df1656678947b2009a9fcea44f4025d differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/7e120b1ec852c448490b9b060a5f35deb486c360 b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/7e120b1ec852c448490b9b060a5f35deb486c360 new file mode 100644 index 00000000..9bed2849 Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/7e120b1ec852c448490b9b060a5f35deb486c360 differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/7f701c0f31e68192bc8c829f343fa2326aa4d3dc b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/7f701c0f31e68192bc8c829f343fa2326aa4d3dc new file mode 100644 index 00000000..7cd10afe Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/7f701c0f31e68192bc8c829f343fa2326aa4d3dc differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/8243212a7a7160c91e2f9717b855b568f9a34233 b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/8243212a7a7160c91e2f9717b855b568f9a34233 new file mode 100644 index 00000000..352ae2ed Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/8243212a7a7160c91e2f9717b855b568f9a34233 differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/85bff933def1ce530a1febd93ef2890ed4bcdcb5 b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/85bff933def1ce530a1febd93ef2890ed4bcdcb5 new file mode 100644 index 00000000..1e5f3405 Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/85bff933def1ce530a1febd93ef2890ed4bcdcb5 differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/a06905d0b9421966c527b5ef2ac68bdce1e0cfe5 b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/a06905d0b9421966c527b5ef2ac68bdce1e0cfe5 new file mode 100644 index 00000000..02ccf562 Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/a06905d0b9421966c527b5ef2ac68bdce1e0cfe5 differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/b452f7b6c615035d63a9825c5c17e049f54648ef b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/b452f7b6c615035d63a9825c5c17e049f54648ef new file mode 100644 index 00000000..c708d1e6 Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/b452f7b6c615035d63a9825c5c17e049f54648ef differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/bb8c2201cf10fd7d24fc0c8009a44525f426b033 b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/bb8c2201cf10fd7d24fc0c8009a44525f426b033 new file mode 100644 index 00000000..8f98344f Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/bb8c2201cf10fd7d24fc0c8009a44525f426b033 differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/c7a7cd07925450628efa677165d403510d89bf51 b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/c7a7cd07925450628efa677165d403510d89bf51 new file mode 100644 index 00000000..5442bebb Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/c7a7cd07925450628efa677165d403510d89bf51 differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/clusterfuzz-testcase-minimized-oemcrypto_load_license_fuzz-5919435528601600 b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/clusterfuzz-testcase-minimized-oemcrypto_load_license_fuzz-5919435528601600 new file mode 100644 index 00000000..58dc14ff Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/clusterfuzz-testcase-minimized-oemcrypto_load_license_fuzz-5919435528601600 differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/clusterfuzz-testcase-minimized-oemcrypto_load_license_fuzz-6406770604638208 b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/clusterfuzz-testcase-minimized-oemcrypto_load_license_fuzz-6406770604638208 new file mode 100644 index 00000000..1a0f23cf Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/clusterfuzz-testcase-minimized-oemcrypto_load_license_fuzz-6406770604638208 differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/d7014f417415314dd83162570bcafd7935875f00 b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/d7014f417415314dd83162570bcafd7935875f00 new file mode 100644 index 00000000..3df5267a Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/d7014f417415314dd83162570bcafd7935875f00 differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/e26757270b3d149d1ce10bef32ed0b3a5794977c b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/e26757270b3d149d1ce10bef32ed0b3a5794977c new file mode 100644 index 00000000..d8911528 Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/e26757270b3d149d1ce10bef32ed0b3a5794977c differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/e598a949c6b14e1a3f96bcdf1b3d9335b07a6085 b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/e598a949c6b14e1a3f96bcdf1b3d9335b07a6085 new file mode 100644 index 00000000..b54027c5 Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_license_fuzz_seed_corpus/e598a949c6b14e1a3f96bcdf1b3d9335b07a6085 differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_provisioning_fuzz_seed_corpus/2f194a24b3b2f2e096403926fca6b2fda4883e7c b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_provisioning_fuzz_seed_corpus/2f194a24b3b2f2e096403926fca6b2fda4883e7c new file mode 100644 index 00000000..73e48a7c Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_provisioning_fuzz_seed_corpus/2f194a24b3b2f2e096403926fca6b2fda4883e7c differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_provisioning_fuzz_seed_corpus/4b31607722adad1f28555bc9b07cd17100a90df6 b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_provisioning_fuzz_seed_corpus/4b31607722adad1f28555bc9b07cd17100a90df6 new file mode 100644 index 00000000..2f42d660 Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_provisioning_fuzz_seed_corpus/4b31607722adad1f28555bc9b07cd17100a90df6 differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_provisioning_fuzz_seed_corpus/543f332b627f3891b3f15c6227f4f946cba81886 b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_provisioning_fuzz_seed_corpus/543f332b627f3891b3f15c6227f4f946cba81886 new file mode 100644 index 00000000..b3788a28 Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_provisioning_fuzz_seed_corpus/543f332b627f3891b3f15c6227f4f946cba81886 differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_provisioning_fuzz_seed_corpus/6a33ae6e95eb1b9fbf116359df679265376b308b b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_provisioning_fuzz_seed_corpus/6a33ae6e95eb1b9fbf116359df679265376b308b new file mode 100644 index 00000000..dcab52c8 Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_provisioning_fuzz_seed_corpus/6a33ae6e95eb1b9fbf116359df679265376b308b differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_provisioning_fuzz_seed_corpus/a98f2da86c01706159e32fc37c1a6b2df779395a b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_provisioning_fuzz_seed_corpus/a98f2da86c01706159e32fc37c1a6b2df779395a new file mode 100644 index 00000000..dfa20e2c Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_provisioning_fuzz_seed_corpus/a98f2da86c01706159e32fc37c1a6b2df779395a differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_provisioning_fuzz_seed_corpus/dc6e941489e6164e349a9dd0a80713f57645b0db b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_provisioning_fuzz_seed_corpus/dc6e941489e6164e349a9dd0a80713f57645b0db new file mode 100644 index 00000000..c9486619 Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_provisioning_fuzz_seed_corpus/dc6e941489e6164e349a9dd0a80713f57645b0db differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_provisioning_fuzz_seed_corpus/fb7a84cdab0bff7dabb339c7fc35eb2ea3c2eb9c b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_provisioning_fuzz_seed_corpus/fb7a84cdab0bff7dabb339c7fc35eb2ea3c2eb9c new file mode 100644 index 00000000..eacb9d2b Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_provisioning_fuzz_seed_corpus/fb7a84cdab0bff7dabb339c7fc35eb2ea3c2eb9c differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_renewal_fuzz_seed_corpus/f00652aa0e80e90257bfa28a63e623a92e25d4d8 b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_renewal_fuzz_seed_corpus/f00652aa0e80e90257bfa28a63e623a92e25d4d8 new file mode 100644 index 00000000..a71ef18d Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_renewal_fuzz_seed_corpus/f00652aa0e80e90257bfa28a63e623a92e25d4d8 differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_renewal_fuzz_seed_corpus/f2f45ab615736936405ec6c8df9ab92dbc91017b b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_renewal_fuzz_seed_corpus/f2f45ab615736936405ec6c8df9ab92dbc91017b new file mode 100644 index 00000000..263e0606 Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_load_renewal_fuzz_seed_corpus/f2f45ab615736936405ec6c8df9ab92dbc91017b differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_provisioning_request_fuzz_seed_corpus/6ee38ff02d14cae0565cd26553cde5f898444014 b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_provisioning_request_fuzz_seed_corpus/6ee38ff02d14cae0565cd26553cde5f898444014 new file mode 100644 index 00000000..1eb62c38 Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_provisioning_request_fuzz_seed_corpus/6ee38ff02d14cae0565cd26553cde5f898444014 differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_renewal_request_fuzz_seed_corpus/2e120b916a62c00addf137d7e7733620394009b8 b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_renewal_request_fuzz_seed_corpus/2e120b916a62c00addf137d7e7733620394009b8 new file mode 100644 index 00000000..8d09e733 Binary files /dev/null and b/libwvdrmengine/oemcrypto/test/fuzz_tests/corpus/oemcrypto_renewal_request_fuzz_seed_corpus/2e120b916a62c00addf137d7e7733620394009b8 differ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_deactivate_usage_entry_fuzz.cc b/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_deactivate_usage_entry_fuzz.cc new file mode 100644 index 00000000..560a172d --- /dev/null +++ b/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_deactivate_usage_entry_fuzz.cc @@ -0,0 +1,30 @@ +// Copyright 2020 Google LLC. All Rights Reserved. This file and proprietary +// source code may only be used and distributed under the Widevine Master +// License Agreement. + +#include "oemcrypto_fuzz_helper.h" + +namespace wvoec { +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + // Redirect printf and log statements from oemcrypto functions to a file to + // reduce noise + RedirectStdoutToFile(); + + LicenseWithUsageEntryFuzz entry; + entry.CreateUsageTableHeader(); + // Open a session, create a usage entry. + Session* session = entry.license_messages().session(); + session->open(); + entry.InstallTestRSAKey(session); + session->GenerateNonce(); + session->CreateNewUsageEntry(); + vector encrypted_usage_header; + session->UpdateUsageEntry(&encrypted_usage_header); + // LoadLicense sets the pst for usage entry. + entry.LoadLicense(); + + OEMCrypto_DeactivateUsageEntry(session->session_id(), data, size); + session->close(); + return 0; +} +} // namespace wvoec diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_decrypt_cenc_fuzz.cc b/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_decrypt_cenc_fuzz.cc index 3f30ccb3..9a16086e 100644 --- a/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_decrypt_cenc_fuzz.cc +++ b/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_decrypt_cenc_fuzz.cc @@ -95,7 +95,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { // Read subsamples from fuzzed data. vector subsamples; - while (fuzzed_subsample_data.remaining_bytes() > + while (fuzzed_subsample_data.remaining_bytes() >= sizeof(OEMCrypto_SubSampleDescription)) { OEMCrypto_SubSampleDescription subsample; fuzzed_subsample_data.ConsumeData(&subsample, @@ -138,9 +138,9 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { // Copy sub sample data. sample_descriptions[i].subsamples = &subsamples[input_subsample_index]; - if (AddOverflowUX(input_subsample_index, - sample_descriptions[i].subsamples_length, - &input_subsample_index)) { + if (OPK_AddOverflowUX(input_subsample_index, + sample_descriptions[i].subsamples_length, + &input_subsample_index)) { return 0; } if (input_subsample_index > subsamples.size()) return 0; diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_fuzz_helper.cc b/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_fuzz_helper.cc index 8939f118..f76fafae 100644 --- a/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_fuzz_helper.cc +++ b/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_fuzz_helper.cc @@ -22,4 +22,45 @@ std::vector> SplitInput(const uint8_t* data, size_t size) { } return result; } + +void OEMCryptoLicenseAPIFuzz::LoadLicense() { + license_messages_.SignAndVerifyRequest(); + license_messages_.CreateDefaultResponse(); + license_messages_.EncryptAndSignResponse(); + OEMCryptoResult sts = license_messages_.LoadResponse(); + CheckStatusAndExitFuzzerOnFailure(sts, OEMCrypto_SUCCESS); +} + +void OEMCryptoProvisioningAPIFuzz::LoadProvisioning() { + provisioning_messages_.SignAndVerifyRequest(); + provisioning_messages_.CreateDefaultResponse(); + provisioning_messages_.EncryptAndSignResponse(); + OEMCryptoResult sts = provisioning_messages_.LoadResponse(); + CheckStatusAndExitFuzzerOnFailure(sts, OEMCrypto_SUCCESS); +} + +void LicenseWithUsageEntryFuzz::CreateUsageTableHeader() { + size_t header_buffer_length = 0; + OEMCryptoResult sts = + OEMCrypto_CreateUsageTableHeader(nullptr, &header_buffer_length); + encrypted_usage_header_.resize(header_buffer_length); + sts = OEMCrypto_CreateUsageTableHeader(encrypted_usage_header_.data(), + &header_buffer_length); + CheckStatusAndExitFuzzerOnFailure(sts, OEMCrypto_SUCCESS); +} + +void LicenseWithUsageEntryFuzz::LoadLicense() { + license_messages_.SignAndVerifyRequest(); + license_messages_.CreateDefaultResponse(); + license_messages_.EncryptAndSignResponse(); + OEMCryptoResult sts = license_messages_.LoadResponse(); + CheckStatusAndExitFuzzerOnFailure(sts, OEMCrypto_SUCCESS); +} + +void CheckStatusAndExitFuzzerOnFailure(OEMCryptoResult result, + OEMCryptoResult expected_status) { + if (result != expected_status) { + abort(); + } +} } // namespace wvoec diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_fuzz_helper.h b/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_fuzz_helper.h index 14c18f5c..2aa1f46c 100644 --- a/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_fuzz_helper.h +++ b/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_fuzz_helper.h @@ -13,6 +13,16 @@ #include "oemcrypto_session_tests_helper.h" namespace wvoec { +// Forward-declare the libFuzzer's mutator callback. Mark it weak so that +// the program links successfully even outside of --config=asan-fuzzer +// (apparently the only config in which LLVM uses our custom mutator). +extern "C" size_t LLVMFuzzerMutate(uint8_t* Data, size_t Size, size_t MaxSize) + __attribute__((weak)); + +const size_t KB = 1024; +// Maximum signature length. If fuzzed signature length is greater that this, +// this value will be used for signature length. +const size_t MAX_FUZZ_SIGNATURE_LENGTH = 5 * KB; // Initial setup to create a valid OEMCrypto state such as initializing crypto // firmware/hardware, installing golden key box etc. in order to fuzz // OEMCrypto APIs. @@ -42,12 +52,7 @@ class OEMCryptoLicenseAPIFuzz : public InitializeFuzz { Session* session() { return &session_; } - void LoadLicense() { - license_messages_.SignAndVerifyRequest(); - license_messages_.CreateDefaultResponse(); - license_messages_.EncryptAndSignResponse(); - license_messages_.LoadResponse(); - } + void LoadLicense(); private: Session session_; @@ -64,9 +69,11 @@ class OEMCryptoProvisioningAPIFuzz : public InitializeFuzz { ~OEMCryptoProvisioningAPIFuzz() { session_.close(); } + void LoadProvisioning(); ProvisioningRoundTrip& provisioning_messages() { return provisioning_messages_; } + Session* session() { return &session_; } private: Session session_; @@ -85,6 +92,25 @@ class OEMCryptoRenewalAPIFuzz : public OEMCryptoLicenseAPIFuzz { RenewalRoundTrip renewal_messages_; }; +class LicenseWithUsageEntryFuzz : public InitializeFuzz { + public: + LicenseWithUsageEntryFuzz() : license_messages_(&session_) { + license_messages_.set_pst("my_pst"); + } + + void CreateUsageTableHeader(); + LicenseRoundTrip& license_messages() { return license_messages_; } + const vector& encrypted_usage_header() { + return encrypted_usage_header_; + } + void LoadLicense(); + + private: + vector encrypted_usage_header_; + LicenseRoundTrip license_messages_; + Session session_; +}; + // Convert data to valid enum value. template void ConvertDataToValidEnum(T max_enum_value, T* t) { @@ -99,6 +125,10 @@ void RedirectStdoutToFile(); // Function to split fuzzer input using delimiter "-_^_". std::vector> SplitInput(const uint8_t* data, size_t size); +// Check the status and exit fuzzer if arguments do not match. This is usually +// called to check status of APIs which are called to setup state for fuzzers. +void CheckStatusAndExitFuzzerOnFailure(OEMCryptoResult result, + OEMCryptoResult expected_status); } // namespace wvoec #endif // OEMCRYPTO_FUZZ_HELPER_H_ diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_fuzz_structs.h b/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_fuzz_structs.h index 67dd588c..5a5febb3 100644 --- a/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_fuzz_structs.h +++ b/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_fuzz_structs.h @@ -4,6 +4,9 @@ #ifndef OEMCRYPTO_FUZZ_STRUCTS_H_ #define OEMCRYPTO_FUZZ_STRUCTS_H_ +#include "core_message_types.h" +#include "odk.h" + namespace wvoec { struct OEMCrypto_Renewal_Response_Fuzz { // Timer limits in core license response needs to be fuzzed as load renewal @@ -37,6 +40,34 @@ struct OEMCrypto_Decrypt_Cenc_Fuzz { // Sample data and subsample data are of variable length and not included in // this structure. }; + +struct OEMCrypto_Generic_Api_Fuzz { + // Corpus format is as below, let | be separator. + // cipher_mode + algorithm + iv | buffer with actual data + OEMCryptoCipherMode cipher_mode; + OEMCrypto_Algorithm algorithm; + // iv and buffer data are of variable length and not included in + // this structure. +}; + +struct OEMCrypto_Generic_Verify_Fuzz { + // Corpus format is as belowr. + // cipher_mode + algorithm + signature_length + buffer with actual data + OEMCryptoCipherMode cipher_mode; + OEMCrypto_Algorithm algorithm; + size_t signature_length; + // Buffer data is of variable length and not included in + // this structure. +}; + +struct OEMCrypto_Generate_RSA_Signature_Fuzz { + // Corpus format is as below, let | be separator. + // padding_scheme + signature_length + input buffer + RSA_Padding_Scheme padding_scheme; + size_t signature_length; + // input buffer data is of variable length and not included in + // this structure. +}; } // namespace wvoec #endif // OEMCRYPTO_FUZZ_STRUCTS_H_ \ No newline at end of file diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_generate_rsa_signature_fuzz.cc b/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_generate_rsa_signature_fuzz.cc new file mode 100644 index 00000000..872b302c --- /dev/null +++ b/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_generate_rsa_signature_fuzz.cc @@ -0,0 +1,34 @@ +// Copyright 2020 Google LLC. All Rights Reserved. This file and proprietary +// source code may only be used and distributed under the Widevine +// License Agreement. + +#include "OEMCryptoCENC.h" +#include "oemcrypto_fuzz_helper.h" + +namespace wvoec { + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + // Redirect printf and log statements from oemcrypto functions to a file to + // reduce noise + RedirectStdoutToFile(); + OEMCrypto_Generate_RSA_Signature_Fuzz fuzzed_structure; + if (size <= sizeof(OEMCrypto_Generate_RSA_Signature_Fuzz)) { + return 0; + } + + // Copy data to fuzzed structure. + memcpy(&fuzzed_structure, data, sizeof(fuzzed_structure)); + // Creates wrapped rsa key and calls load drm private key. + static OEMCryptoLicenseAPIFuzz license_api_fuzz; + // We cannot allocate buffers of random huge lengths in memory. + // This also slows down the fuzzer. + size_t signature_length = + std::min(MAX_FUZZ_SIGNATURE_LENGTH, fuzzed_structure.signature_length); + vector signature(signature_length); + OEMCrypto_GenerateRSASignature( + license_api_fuzz.session()->session_id(), data + sizeof(fuzzed_structure), + size - sizeof(fuzzed_structure), signature.data(), &signature_length, + fuzzed_structure.padding_scheme); + return 0; +} +} // namespace wvoec diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_generic_decrypt_fuzz.cc b/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_generic_decrypt_fuzz.cc new file mode 100644 index 00000000..e36d5508 --- /dev/null +++ b/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_generic_decrypt_fuzz.cc @@ -0,0 +1,61 @@ +// Copyright 2020 Google LLC. All Rights Reserved. This file and proprietary +// source code may only be used and distributed under the Widevine +// License Agreement. + +#include "FuzzedDataProvider.h" +#include "OEMCryptoCENC.h" +#include "log.h" +#include "oemcrypto_fuzz_helper.h" +#include "oemcrypto_fuzz_structs.h" +#include "oemcrypto_types.h" + +namespace wvoec { +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + // Redirect printf and log statements from oemcrypto functions to a file to + // reduce noise + RedirectStdoutToFile(); + + // Split data using separator. + auto inputs = SplitInput(data, size); + if (inputs.size() < 2) { + return 0; + } + + OEMCrypto_Generic_Api_Fuzz fuzzed_structure; + if (inputs[0].size() < sizeof(fuzzed_structure)) { + return 0; + } + // Copy OEMCrypto_Generic_Api_Fuzz from input data. + memcpy(&fuzzed_structure, data, sizeof(fuzzed_structure)); + ConvertDataToValidEnum(OEMCrypto_CipherMode_MaxValue, + &fuzzed_structure.cipher_mode); + ConvertDataToValidEnum(OEMCrypto_Algorithm_MaxValue, + &fuzzed_structure.algorithm); + + // Copy iv from input data. + size_t iv_size = inputs[0].size() - sizeof(fuzzed_structure); + if (iv_size == 0) { + return 0; + } + vector iv(iv_size); + memcpy(iv.data(), data + sizeof(fuzzed_structure), iv_size); + + // Copy clear buffer from input data. + vector encrypted_buffer(inputs[1].size()); + vector clear_buffer(inputs[1].size()); + memcpy(encrypted_buffer.data(), inputs[1].data(), inputs[1].size()); + + OEMCryptoLicenseAPIFuzz license_api_fuzz; + Session* session = license_api_fuzz.session(); + // Load license and call generic_decrypt API. + license_api_fuzz.LoadLicense(); + OEMCryptoResult sts = OEMCrypto_SelectKey( + session->session_id(), session->license().keys[0].key_id, + session->license().keys[0].key_id_length, fuzzed_structure.cipher_mode); + CheckStatusAndExitFuzzerOnFailure(sts, OEMCrypto_SUCCESS); + OEMCrypto_Generic_Decrypt(session->session_id(), encrypted_buffer.data(), + encrypted_buffer.size(), iv.data(), + fuzzed_structure.algorithm, clear_buffer.data()); + return 0; +} +} // namespace wvoec diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_generic_encrypt_fuzz.cc b/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_generic_encrypt_fuzz.cc new file mode 100644 index 00000000..df0a35e9 --- /dev/null +++ b/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_generic_encrypt_fuzz.cc @@ -0,0 +1,61 @@ +// Copyright 2020 Google LLC. All Rights Reserved. This file and proprietary +// source code may only be used and distributed under the Widevine +// License Agreement. + +#include "FuzzedDataProvider.h" +#include "OEMCryptoCENC.h" +#include "log.h" +#include "oemcrypto_fuzz_helper.h" +#include "oemcrypto_fuzz_structs.h" +#include "oemcrypto_types.h" + +namespace wvoec { +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + // Redirect printf and log statements from oemcrypto functions to a file to + // reduce noise + RedirectStdoutToFile(); + + // Split data using separator. + auto inputs = SplitInput(data, size); + if (inputs.size() < 2) { + return 0; + } + + OEMCrypto_Generic_Api_Fuzz fuzzed_structure; + if (inputs[0].size() < sizeof(fuzzed_structure)) { + return 0; + } + // Copy OEMCrypto_Generic_Api_Fuzz from input data. + memcpy(&fuzzed_structure, data, sizeof(fuzzed_structure)); + ConvertDataToValidEnum(OEMCrypto_CipherMode_MaxValue, + &fuzzed_structure.cipher_mode); + ConvertDataToValidEnum(OEMCrypto_Algorithm_MaxValue, + &fuzzed_structure.algorithm); + + // Copy iv from input data. + size_t iv_size = inputs[0].size() - sizeof(fuzzed_structure); + if (iv_size == 0) { + return 0; + } + vector iv(iv_size); + memcpy(iv.data(), data + sizeof(fuzzed_structure), iv_size); + + // Copy clear buffer from input data. + vector clear_buffer(inputs[1].size()); + vector encrypted_buffer(inputs[1].size()); + memcpy(clear_buffer.data(), inputs[1].data(), inputs[1].size()); + + OEMCryptoLicenseAPIFuzz license_api_fuzz; + Session* session = license_api_fuzz.session(); + // Load license and call generic_encrypt API. + license_api_fuzz.LoadLicense(); + OEMCryptoResult sts = OEMCrypto_SelectKey( + session->session_id(), session->license().keys[0].key_id, + session->license().keys[0].key_id_length, fuzzed_structure.cipher_mode); + CheckStatusAndExitFuzzerOnFailure(sts, OEMCrypto_SUCCESS); + OEMCrypto_Generic_Encrypt( + session->session_id(), clear_buffer.data(), clear_buffer.size(), + iv.data(), fuzzed_structure.algorithm, encrypted_buffer.data()); + return 0; +} +} // namespace wvoec diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_generic_sign_fuzz.cc b/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_generic_sign_fuzz.cc new file mode 100644 index 00000000..d27415d1 --- /dev/null +++ b/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_generic_sign_fuzz.cc @@ -0,0 +1,55 @@ +// Copyright 2020 Google LLC. All Rights Reserved. This file and proprietary +// source code may only be used and distributed under the Widevine +// License Agreement. + +#include "OEMCryptoCENC.h" +#include "log.h" +#include "oemcrypto_fuzz_helper.h" +#include "oemcrypto_fuzz_structs.h" +#include "oemcrypto_types.h" + +namespace wvoec { +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + // Redirect printf and log statements from oemcrypto functions to a file to + // reduce noise + RedirectStdoutToFile(); + + OEMCrypto_Generic_Api_Fuzz fuzzed_structure; + if (size < sizeof(fuzzed_structure)) { + return 0; + } + // Copy OEMCrypto_Generic_Api_Fuzz from input data. + memcpy(&fuzzed_structure, data, sizeof(fuzzed_structure)); + ConvertDataToValidEnum(OEMCrypto_CipherMode_MaxValue, + &fuzzed_structure.cipher_mode); + ConvertDataToValidEnum(OEMCrypto_Algorithm_MaxValue, + &fuzzed_structure.algorithm); + + size_t clear_buffer_size = size - sizeof(fuzzed_structure); + if (clear_buffer_size == 0) { + return 0; + } + // Copy clear buffer from input data. + vector clear_buffer(clear_buffer_size); + memcpy(clear_buffer.data(), data + sizeof(fuzzed_structure), + clear_buffer_size); + + OEMCryptoLicenseAPIFuzz license_api_fuzz; + Session* session = license_api_fuzz.session(); + // Load license and call generic_sign API. + license_api_fuzz.LoadLicense(); + OEMCryptoResult sts = OEMCrypto_SelectKey( + session->session_id(), session->license().keys[0].key_id, + session->license().keys[0].key_id_length, fuzzed_structure.cipher_mode); + CheckStatusAndExitFuzzerOnFailure(sts, OEMCrypto_SUCCESS); + size_t signature_length = 0; + OEMCrypto_Generic_Sign(session->session_id(), clear_buffer.data(), + clear_buffer.size(), fuzzed_structure.algorithm, + nullptr, &signature_length); + vector signature(signature_length); + OEMCrypto_Generic_Sign(session->session_id(), clear_buffer.data(), + clear_buffer.size(), fuzzed_structure.algorithm, + signature.data(), &signature_length); + return 0; +} +} // namespace wvoec diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_generic_verify_fuzz.cc b/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_generic_verify_fuzz.cc new file mode 100644 index 00000000..076d3caa --- /dev/null +++ b/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_generic_verify_fuzz.cc @@ -0,0 +1,67 @@ +// Copyright 2020 Google LLC. All Rights Reserved. This file and proprietary +// source code may only be used and distributed under the Widevine +// License Agreement. + +#include +#include + +#include "OEMCryptoCENC.h" +#include "log.h" +#include "oemcrypto_fuzz_helper.h" +#include "oemcrypto_fuzz_structs.h" +#include "oemcrypto_types.h" + +namespace wvoec { +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + // Redirect printf and log statements from oemcrypto functions to a file to + // reduce noise + RedirectStdoutToFile(); + + OEMCrypto_Generic_Verify_Fuzz fuzzed_structure; + if (size < sizeof(fuzzed_structure)) { + return 0; + } + // Copy OEMCrypto_Generic_Verify_Fuzz from input data. + memcpy(&fuzzed_structure, data, sizeof(fuzzed_structure)); + ConvertDataToValidEnum(OEMCrypto_CipherMode_MaxValue, + &fuzzed_structure.cipher_mode); + ConvertDataToValidEnum(OEMCrypto_Algorithm_MaxValue, + &fuzzed_structure.algorithm); + + size_t in_buffer_size = size - sizeof(fuzzed_structure); + if (in_buffer_size == 0) { + return 0; + } + // Copy clear buffer from input data. + vector in_buffer(in_buffer_size); + memcpy(in_buffer.data(), data + sizeof(fuzzed_structure), in_buffer_size); + + OEMCryptoLicenseAPIFuzz license_api_fuzz; + Session* session = license_api_fuzz.session(); + // Load license and call generic_verify API. + license_api_fuzz.LoadLicense(); + OEMCrypto_SelectKey(session->session_id(), session->license().keys[0].key_id, + session->license().keys[0].key_id_length, + OEMCrypto_CipherMode_CTR); + // Calculate signature for in buffer. + size_t signature_length = 0; + OEMCrypto_Generic_Sign(session->session_id(), in_buffer.data(), + in_buffer.size(), fuzzed_structure.algorithm, nullptr, + &signature_length); + vector signature(signature_length); + OEMCrypto_Generic_Sign(session->session_id(), in_buffer.data(), + in_buffer.size(), fuzzed_structure.algorithm, + signature.data(), &signature_length); + + OEMCrypto_SelectKey(session->session_id(), session->license().keys[0].key_id, + session->license().keys[0].key_id_length, + fuzzed_structure.cipher_mode); + signature_length = + std::min(MAX_FUZZ_SIGNATURE_LENGTH, fuzzed_structure.signature_length); + signature.resize(signature_length); + OEMCrypto_Generic_Verify(session->session_id(), in_buffer.data(), + in_buffer.size(), fuzzed_structure.algorithm, + signature.data(), signature_length); + return 0; +} +} // namespace wvoec diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_load_usage_entry_fuzz.cc b/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_load_usage_entry_fuzz.cc new file mode 100644 index 00000000..ed47b0b2 --- /dev/null +++ b/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_load_usage_entry_fuzz.cc @@ -0,0 +1,61 @@ +// Copyright 2020 Google LLC. All Rights Reserved. This file and proprietary +// source code may only be used and distributed under the Widevine Master +// License Agreement. + +#include "OEMCryptoCENC.h" +#include "oemcrypto_fuzz_helper.h" + +namespace wvoec { +LicenseWithUsageEntryFuzz entry; +// The custom mutator to mutate created encrypted usage entry. +extern "C" size_t LLVMFuzzerCustomMutator(uint8_t* data, size_t size, + size_t max_size, unsigned int seed) { + entry.CreateUsageTableHeader(); + Session* s = entry.license_messages().session(); + s->open(); + entry.InstallTestRSAKey(s); + uint32_t usage_entry_number = 0; + memcpy(&usage_entry_number, data, sizeof(uint32_t)); + if (OEMCrypto_LoadUsageEntry(s->session_id(), usage_entry_number, + data + sizeof(uint32_t), + size - sizeof(uint32_t)) != OEMCrypto_SUCCESS) { + s->CreateNewUsageEntry(); + vector encrypted_usage_header; + s->UpdateUsageEntry(&encrypted_usage_header); + vector encrypted_usage_entry = s->encrypted_usage_entry(); + usage_entry_number = s->usage_entry_number(); + // Copy created usage entry number and usage entry to data and mutate it. + memcpy(data, &usage_entry_number, sizeof(uint32_t)); + memcpy(data + sizeof(uint32_t), encrypted_usage_entry.data(), + encrypted_usage_entry.size()); + size = sizeof(uint32_t) + encrypted_usage_entry.size(); + } + s->close(); + return LLVMFuzzerMutate(data, size, max_size); +} + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + // Redirect printf and log statements from oemcrypto functions to a file to + // reduce noise + RedirectStdoutToFile(); + + uint32_t usage_entry_number = 0; + if (size < sizeof(usage_entry_number)) { + return 0; + } + + memcpy(&usage_entry_number, data, sizeof(usage_entry_number)); + const uint8_t* extra_data = data + sizeof(usage_entry_number); + size_t extra_data_size = size - sizeof(usage_entry_number); + if (extra_data_size == 0) { + return 0; + } + + Session s; + s.open(); + OEMCrypto_LoadUsageEntry(s.session_id(), usage_entry_number, extra_data, + extra_data_size); + s.close(); + return 0; +} +} // namespace wvoec diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_load_usage_table_header_fuzz.cc b/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_load_usage_table_header_fuzz.cc new file mode 100644 index 00000000..8d3000af --- /dev/null +++ b/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_load_usage_table_header_fuzz.cc @@ -0,0 +1,36 @@ +// Copyright 2020 Google LLC. All Rights Reserved. This file and proprietary +// source code may only be used and distributed under the Widevine +// License Agreement. + +#include "OEMCryptoCENC.h" +#include "oemcrypto_fuzz_helper.h" + +namespace wvoec { + +// The custom mutator to mutate created encrypted usage table header. +extern "C" size_t LLVMFuzzerCustomMutator(uint8_t* data, size_t size, + size_t max_size, unsigned int seed) { + LicenseWithUsageEntryFuzz entry; + if (OEMCrypto_LoadUsageTableHeader(data, size) != OEMCrypto_SUCCESS) { + entry.CreateUsageTableHeader(); + if (size < entry.encrypted_usage_header().size()) { + return 0; + } + // Copy created usage table header to data and mutate it. + memcpy(data, entry.encrypted_usage_header().data(), + entry.encrypted_usage_header().size()); + size = entry.encrypted_usage_header().size(); + } + return LLVMFuzzerMutate(data, size, max_size); +} + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + // Redirect printf and log statements from oemcrypto functions to a file to + // reduce noise + RedirectStdoutToFile(); + // Initialize OEMCrypto and call API. + InitializeFuzz initialize_fuzz; + OEMCrypto_LoadUsageTableHeader(data, size); + return 0; +} +} // namespace wvoec diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_odkitee_dispatcher_fuzz.cc b/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_opk_dispatcher_fuzz.cc similarity index 50% rename from libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_odkitee_dispatcher_fuzz.cc rename to libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_opk_dispatcher_fuzz.cc index 1a3c770b..3fae8e6c 100644 --- a/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_odkitee_dispatcher_fuzz.cc +++ b/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_opk_dispatcher_fuzz.cc @@ -1,23 +1,15 @@ #include +#include -#include "dispatcher.h" -#include "marshaller_base.h" -#include "transport_interface.h" +#include "opk_dispatcher.h" +#include "opk_init.h" +#include "tos_transport_interface.h" namespace wvoec { -void InitializeODKMessage(ODK_Message* message, uint8_t* data, size_t size) { - ODK_Message_Impl* impl = (ODK_Message_Impl*)message; - impl->base = data; - impl->size = size; - impl->capacity = size; - impl->read_offset = 0; - impl->status = MESSAGE_STATUS_OK; -} - void OpenOEMCryptoTASession() { ODK_Message request; - ODK_Message* response = NULL; + ODK_Message response; uint8_t response_buffer[0x1000]; uint8_t request_body[] = { 0x06, // TAG_UINT32 @@ -26,16 +18,13 @@ void OpenOEMCryptoTASession() { 0x00, // value (false) 0x0a // TAG_EOM }; - - InitializeODKMessage(&request, request_body, sizeof(request_body)); - - ODK_DispatchMessage(&request, &response); - if (response != NULL) ODK_Transport_DeallocateMessage(response); + request = ODK_Message_Create(request_body, sizeof(request_body)); + OPK_DispatchMessage(&request, &response); } void InitializeOEMCryptoTA() { ODK_Message init_request; - ODK_Message* init_response = NULL; + ODK_Message init_response; uint8_t response_buffer[0x1000]; uint8_t init_request_body[] = { 0x06, // TAG_UINT32 @@ -43,15 +32,13 @@ void InitializeOEMCryptoTA() { 0x0a // TAG_EOM }; - InitializeODKMessage(&init_request, init_request_body, - sizeof(init_request_body)); - - ODK_DispatchMessage(&init_request, &init_response); - if (init_response != NULL) ODK_Transport_DeallocateMessage(init_response); + init_request = + ODK_Message_Create(init_request_body, sizeof(init_request_body)); + OPK_DispatchMessage(&init_request, &init_response); } extern "C" int LLVMFuzzerInitialize(int* argc, char*** argv) { - ODK_InitializeDispatcher(); + OPK_Initialize(); InitializeOEMCryptoTA(); OpenOEMCryptoTASession(); return 0; @@ -59,16 +46,14 @@ extern "C" int LLVMFuzzerInitialize(int* argc, char*** argv) { extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { ODK_Message request; - ODK_Message* response = NULL; + ODK_Message response; unsigned char response_buffer[0x1000]; uint8_t* input = new uint8_t[size]; memcpy(input, data, size); - InitializeODKMessage(&request, input, size); - - ODK_DispatchMessage(&request, &response); - if (response != NULL) ODK_Transport_DeallocateMessage(response); + request = ODK_Message_Create(input, size); + OPK_DispatchMessage(&request, &response); delete[] input; return 0; diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_report_usage_fuzz.cc b/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_report_usage_fuzz.cc new file mode 100644 index 00000000..3b3813a8 --- /dev/null +++ b/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_report_usage_fuzz.cc @@ -0,0 +1,46 @@ +// Copyright 2020 Google LLC. All Rights Reserved. This file and proprietary +// source code may only be used and distributed under the Widevine Master +// License Agreement. + +#include "oemcrypto_fuzz_helper.h" + +namespace wvoec { +const size_t MAX_FUZZ_PST_REPORT_BUFFER_LENGTH = 5 * MB; +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + // Redirect printf and log statements from oemcrypto functions to a file to + // reduce noise + RedirectStdoutToFile(); + + size_t pst_buffer_length = 0; + if (size <= sizeof(pst_buffer_length)) { + return 0; + } + + LicenseWithUsageEntryFuzz entry; + entry.CreateUsageTableHeader(); + // Open a session, create a usage entry. + Session* session = entry.license_messages().session(); + session->open(); + entry.InstallTestRSAKey(session); + session->GenerateNonce(); + session->CreateNewUsageEntry(); + vector encrypted_usage_header; + session->UpdateUsageEntry(&encrypted_usage_header); + // Sets pst for usage entry. + entry.LoadLicense(); + + memcpy(&pst_buffer_length, data, sizeof(pst_buffer_length)); + const uint8_t* extra_data = data + sizeof(pst_buffer_length); + size_t extra_data_size = size - sizeof(pst_buffer_length); + // We cannot allocate a huge buffer, hence limiting buffer size to + // MAX_FUZZ_PST_REPORT_BUFFER_LENGTH. + pst_buffer_length = + std::min(MAX_FUZZ_PST_REPORT_BUFFER_LENGTH, pst_buffer_length); + vector pst_report_buffer(pst_buffer_length); + // Call API with fuzzed pst_buffer_length, pst. + OEMCrypto_ReportUsage(session->session_id(), extra_data, extra_data_size, + pst_report_buffer.data(), &pst_buffer_length); + session->close(); + return 0; +} +} // namespace wvoec