diff --git a/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_generic_verify_fuzz.cc b/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_generic_verify_fuzz.cc index b4d98104..23f598d2 100644 --- a/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_generic_verify_fuzz.cc +++ b/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_generic_verify_fuzz.cc @@ -64,44 +64,48 @@ extern "C" size_t LLVMFuzzerCustomMutator(uint8_t* data, size_t size, return 0; } - // Select key and perform verification. + // Get key handle for signing and verifying. Session* const session = license_api_fuzz.session(); vector key_handle; - GetKeyHandleIntoVector( + OEMCryptoResult result = GetKeyHandleIntoVector( session->session_id(), session->license().keys[0].key_id, session->license().keys[0].key_id_length, fuzzed_properties.value.structure.cipher_mode, key_handle); - if (OEMCrypto_Generic_Verify(key_handle.data(), key_handle.size(), - fuzzed_properties.value.buffer.data(), - fuzzed_properties.value.buffer.size(), - fuzzed_properties.value.structure.algorithm, - fuzzed_properties.value.signature.data(), - fuzzed_properties.value.signature.size()) != - OEMCrypto_SUCCESS) { - // Generate a new signature. - size_t signature_length = 0; - OEMCrypto_Generic_Sign(key_handle.data(), key_handle.size(), - fuzzed_properties.value.buffer.data(), - fuzzed_properties.value.buffer.size(), - fuzzed_properties.value.structure.algorithm, nullptr, - &signature_length); - fuzzed_properties.value.signature.resize(signature_length); - OEMCrypto_Generic_Sign(key_handle.data(), key_handle.size(), - fuzzed_properties.value.buffer.data(), - fuzzed_properties.value.buffer.size(), - fuzzed_properties.value.structure.algorithm, - fuzzed_properties.value.signature.data(), - &signature_length); - const size_t signature_offset = sizeof(fuzzed_properties.value.structure) + - fuzzed_properties.value.buffer.size() + - sizeof(kFuzzDataSeparator); - size = signature_offset + signature_length; - if (size > max_size) { - return 0; + if (result == OEMCrypto_SUCCESS) { + // Generate a new signature if verification fails. + result = + OEMCrypto_Generic_Verify(key_handle.data(), key_handle.size(), + fuzzed_properties.value.buffer.data(), + fuzzed_properties.value.buffer.size(), + fuzzed_properties.value.structure.algorithm, + fuzzed_properties.value.signature.data(), + fuzzed_properties.value.signature.size()); + if (result != OEMCrypto_SUCCESS) { + size_t signature_length = 0; + OEMCrypto_Generic_Sign(key_handle.data(), key_handle.size(), + fuzzed_properties.value.buffer.data(), + fuzzed_properties.value.buffer.size(), + fuzzed_properties.value.structure.algorithm, + nullptr, &signature_length); + fuzzed_properties.value.signature.resize(signature_length); + OEMCrypto_Generic_Sign(key_handle.data(), key_handle.size(), + fuzzed_properties.value.buffer.data(), + fuzzed_properties.value.buffer.size(), + fuzzed_properties.value.structure.algorithm, + fuzzed_properties.value.signature.data(), + &signature_length); + const size_t signature_offset = + sizeof(fuzzed_properties.value.structure) + + fuzzed_properties.value.buffer.size() + sizeof(kFuzzDataSeparator); + size = signature_offset + signature_length; + if (size > max_size) { + return 0; + } + memcpy(data + signature_offset, fuzzed_properties.value.signature.data(), + signature_length); } - memcpy(data + signature_offset, fuzzed_properties.value.signature.data(), - signature_length); } + return LLVMFuzzerMutate(data, size, max_size); }