Cherry pick cdm udc-widevine-release changes to udc-widevine-dev to be in sync with 18.3 release
Merged from go/wvgerrit/178231 Bug: 290252845 Test: WVTS tests seem to be running and passing Change-Id: Ifff9123a73e173e835a6e89ba7c2760e1cd500fd (cherry picked from commit 6889845d2e7e24f22c00b333335c34259b3fc96e)
This commit is contained in:
Vicky Min
@@ -2,135 +2,62 @@
|
||||
// source code may only be used and distributed under the Widevine
|
||||
// License Agreement.
|
||||
|
||||
#include <vector>
|
||||
|
||||
#include "FuzzedDataProvider.h"
|
||||
#include "OEMCryptoCENC.h"
|
||||
#include "oec_session_util.h"
|
||||
#include "oemcrypto_fuzz_helper.h"
|
||||
#include "oemcrypto_fuzz_structs.h"
|
||||
#include "oemcrypto_types.h"
|
||||
|
||||
namespace wvoec {
|
||||
namespace {
|
||||
|
||||
// Properties deserialized from fuzzed data.
|
||||
struct FuzzedProperties {
|
||||
OEMCrypto_Generic_Api_Fuzz structure;
|
||||
std::vector<uint8_t> buffer;
|
||||
std::vector<uint8_t> signature;
|
||||
};
|
||||
// Avoid calling non-trivial destructor.
|
||||
wvoec::OEMCryptoLicenseAPIFuzz& license_api_fuzz =
|
||||
*new wvoec::OEMCryptoLicenseAPIFuzz;
|
||||
|
||||
// Contains value only if has_value is true.
|
||||
struct OptionalFuzzedProperties {
|
||||
FuzzedProperties value;
|
||||
bool has_value;
|
||||
};
|
||||
|
||||
OEMCryptoLicenseAPIFuzz license_api_fuzz;
|
||||
|
||||
OptionalFuzzedProperties DeserializeFuzzedData(const uint8_t* data,
|
||||
size_t size) {
|
||||
OptionalFuzzedProperties fuzzed_properties;
|
||||
const std::vector<FuzzedData> inputs = SplitFuzzedData(data, size);
|
||||
if (inputs.size() < 2 ||
|
||||
inputs[0].size < sizeof(fuzzed_properties.value.structure)) {
|
||||
fuzzed_properties.has_value = false;
|
||||
return fuzzed_properties;
|
||||
}
|
||||
FuzzedDataProvider fuzzed_data(inputs[0].data, inputs[0].size);
|
||||
fuzzed_data.ConsumeData(&fuzzed_properties.value.structure,
|
||||
sizeof(fuzzed_properties.value.structure));
|
||||
ConvertDataToValidEnum(OEMCrypto_CipherMode_MaxValue,
|
||||
&fuzzed_properties.value.structure.cipher_mode);
|
||||
ConvertDataToValidEnum(OEMCrypto_Algorithm_MaxValue,
|
||||
&fuzzed_properties.value.structure.algorithm);
|
||||
fuzzed_properties.value.buffer = fuzzed_data.ConsumeRemainingBytes<uint8_t>();
|
||||
fuzzed_properties.value.signature.assign(inputs[1].data,
|
||||
inputs[1].data + inputs[1].size);
|
||||
fuzzed_properties.has_value = true;
|
||||
return fuzzed_properties;
|
||||
}
|
||||
} // namespace
|
||||
|
||||
extern "C" int LLVMFuzzerInitialize(int* argc, char*** argv) {
|
||||
RedirectStdoutToFile();
|
||||
license_api_fuzz.LoadLicense();
|
||||
wvoec::RedirectStdoutToFile();
|
||||
license_api_fuzz.Initialize();
|
||||
license_api_fuzz.LoadLicenseWithGenericCryptoKeys();
|
||||
return 0;
|
||||
}
|
||||
|
||||
extern "C" size_t LLVMFuzzerCustomMutator(uint8_t* data, size_t size,
|
||||
size_t max_size, unsigned int seed) {
|
||||
// Deserialize fuzzed data.
|
||||
OptionalFuzzedProperties fuzzed_properties =
|
||||
DeserializeFuzzedData(data, size);
|
||||
if (!fuzzed_properties.has_value) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
// Get key handle for signing and verifying.
|
||||
Session* const session = license_api_fuzz.session();
|
||||
vector<uint8_t> key_handle;
|
||||
OEMCryptoResult result = GetKeyHandleIntoVector(
|
||||
session->session_id(), session->license().keys[0].key_id,
|
||||
session->license().keys[0].key_id_length,
|
||||
fuzzed_properties.value.structure.cipher_mode, key_handle);
|
||||
if (result == OEMCrypto_SUCCESS) {
|
||||
// Generate a new signature if verification fails.
|
||||
result =
|
||||
OEMCrypto_Generic_Verify(key_handle.data(), key_handle.size(),
|
||||
fuzzed_properties.value.buffer.data(),
|
||||
fuzzed_properties.value.buffer.size(),
|
||||
fuzzed_properties.value.structure.algorithm,
|
||||
fuzzed_properties.value.signature.data(),
|
||||
fuzzed_properties.value.signature.size());
|
||||
if (result != OEMCrypto_SUCCESS) {
|
||||
size_t signature_length = 0;
|
||||
OEMCrypto_Generic_Sign(key_handle.data(), key_handle.size(),
|
||||
fuzzed_properties.value.buffer.data(),
|
||||
fuzzed_properties.value.buffer.size(),
|
||||
fuzzed_properties.value.structure.algorithm,
|
||||
nullptr, &signature_length);
|
||||
fuzzed_properties.value.signature.resize(signature_length);
|
||||
OEMCrypto_Generic_Sign(key_handle.data(), key_handle.size(),
|
||||
fuzzed_properties.value.buffer.data(),
|
||||
fuzzed_properties.value.buffer.size(),
|
||||
fuzzed_properties.value.structure.algorithm,
|
||||
fuzzed_properties.value.signature.data(),
|
||||
&signature_length);
|
||||
const size_t signature_offset =
|
||||
sizeof(fuzzed_properties.value.structure) +
|
||||
fuzzed_properties.value.buffer.size() + sizeof(kFuzzDataSeparator);
|
||||
size = signature_offset + signature_length;
|
||||
if (size > max_size) {
|
||||
return 0;
|
||||
}
|
||||
memcpy(data + signature_offset, fuzzed_properties.value.signature.data(),
|
||||
signature_length);
|
||||
}
|
||||
}
|
||||
|
||||
return LLVMFuzzerMutate(data, size, max_size);
|
||||
}
|
||||
|
||||
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
|
||||
// Deserialize fuzzed data.
|
||||
const OptionalFuzzedProperties fuzzed_properties =
|
||||
DeserializeFuzzedData(data, size);
|
||||
if (!fuzzed_properties.has_value) {
|
||||
// Split data using separator.
|
||||
const std::vector<wvoec::FuzzedData> inputs =
|
||||
wvoec::SplitFuzzedData(data, size);
|
||||
if (inputs.size() < 2) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
// Select key and perform verification.
|
||||
Session* const session = license_api_fuzz.session();
|
||||
vector<uint8_t> key_handle;
|
||||
GetKeyHandleIntoVector(
|
||||
session->session_id(), session->license().keys[0].key_id,
|
||||
session->license().keys[0].key_id_length,
|
||||
fuzzed_properties.value.structure.cipher_mode, key_handle);
|
||||
OEMCrypto_Generic_Verify(key_handle.data(), key_handle.size(),
|
||||
fuzzed_properties.value.buffer.data(),
|
||||
fuzzed_properties.value.buffer.size(),
|
||||
fuzzed_properties.value.structure.algorithm,
|
||||
fuzzed_properties.value.signature.data(),
|
||||
fuzzed_properties.value.signature.size());
|
||||
// Deserialize fuzzed data.
|
||||
wvoec::OEMCrypto_Generic_Api_Fuzz fuzzed_structure;
|
||||
if (inputs[0].size < sizeof(fuzzed_structure)) {
|
||||
return 0;
|
||||
}
|
||||
FuzzedDataProvider fuzzed_data(inputs[0].data, inputs[0].size);
|
||||
fuzzed_data.ConsumeData(&fuzzed_structure, sizeof(fuzzed_structure));
|
||||
wvoec::ConvertDataToValidEnum(OEMCrypto_CipherMode_MaxValue,
|
||||
fuzzed_structure.cipher_mode);
|
||||
wvoec::ConvertDataToValidEnum(OEMCrypto_Algorithm_MaxValue,
|
||||
fuzzed_structure.algorithm);
|
||||
const std::vector<uint8_t> buffer =
|
||||
fuzzed_data.ConsumeRemainingBytes<uint8_t>();
|
||||
const std::vector<uint8_t> signature(inputs[1].data,
|
||||
inputs[1].data + inputs[1].size);
|
||||
|
||||
// Select key and verify.
|
||||
wvoec::Session& session = license_api_fuzz.session();
|
||||
std::vector<uint8_t> key_handle;
|
||||
wvoec::GetKeyHandleIntoVector(session.session_id(),
|
||||
session.license().keys[3].key_id,
|
||||
session.license().keys[3].key_id_length,
|
||||
fuzzed_structure.cipher_mode, key_handle);
|
||||
OEMCrypto_Generic_Verify(key_handle.data(), key_handle.size(), buffer.data(),
|
||||
buffer.size(), fuzzed_structure.algorithm,
|
||||
signature.data(), signature.size());
|
||||
return 0;
|
||||
}
|
||||
|
||||
} // namespace wvoec
|
||||
|
||||
Reference in New Issue
Block a user