Update ODK Library and add license release unit test

Merge from Widevine repo of two CLs. Merge from Widevine repo of http://go/wvgerrit/94743 A license release should not have a core message. This CL adjusts the existing unit tests to verify this. There is also a new unit test called SecureStop that explicitly tests sending a secure stop in a new session without first loading the license. Merge from Widevine repo of http://go/wvgerrit/94865 This CL has the following changes copied from google3: http://cr/298871728 Remove odk_static_assert for Message size temporarily http://cr/298755935 Fix a compiling error during macro expansion http://cr/298481745 Add missing header for android http://cr/298448142 Fix odk_test gyp file http://cr/298419641 Remove header from Android.bp http://cr/298402053 Separate sizeOf(args) bytes in fuzz tests http://cr/297730316 No core messages for license release http://cr/297714346 Add copybara_test and piper_sot_to_gerrit http://cr/297636713 Adding some comments around boolean conversion code http://cr/297420679 Autofuzzer when ran with address sanitizer ... http://cr/296513584 Minor fix with fuzzing odk clock values http://cr/296322024 Fixing errors in code with how request ... http://cr/296313159 Fuzzing ODK clock values by setting aside ... http://cr/295763207 Add more odk tests and move helper functions to test helper http://cr/294524098 Adding a Build Rule for ODK_KDO_Fuzzer and updating http://cr/294492213 Address a few review comments of ODK http://cr/293674368 odk_fuzz: add TODOs & comments http://cr/293492806 Fix spelling Bug: 150243585 Bug: 150020278 Bug: 150095506 Bug: 147297226 Bug: 148290294 Bug: 148907684 Bug: 150608451 Test: unit tests Change-Id: I25fd406f29f4eba40f5cb27e9a1317dce4ffc2f5
2020-02-28 12:03:28 -08:00
parent 0947bd185b
commit c5b7a01ab5
17 changed files with 1528 additions and 866 deletions
--- a/libwvdrmengine/oemcrypto/odk/test/odk_fuzz.cpp
+++ b/libwvdrmengine/oemcrypto/odk/test/odk_fuzz.cpp
@@ -9,7 +9,7 @@
 #include <cstring>
 #include <functional>
 #include <memory>
-#include <string>
+#include <vector>

 #include "OEMCryptoCENCCommon.h"
 #include "core_message_deserialize.h"
@@ -20,48 +20,74 @@
 #include "odk_structs.h"
 #include "odk_structs_priv.h"

-// TODO(b/147297226): remove this: using namespace std;
-// TODO(b/147297226): remove this: using namespace oec_util;
+typedef std::function<size_t(const uint8_t*, uint8_t*, size_t, size_t)>
+    roundtrip_fun;

-typedef std::function<size_t(const uint8_t*, uint8_t*, size_t)> roundtrip_fun;
+using oemcrypto_core_message::ODK_LicenseRequest;
+using oemcrypto_core_message::ODK_ProvisioningRequest;
+using oemcrypto_core_message::ODK_RenewalRequest;

-// @ kdo deserialize; odk derialize
-static OEMCryptoResult odk_fun_LicenseRequest(
-    uint8_t* out, size_t* size, uint32_t api_version, uint32_t nonce,
-    uint32_t session_id, const ODK_LicenseRequest& /*core_license_request*/) {
-  return ODK_PrepareCoreLicenseRequest(out, SIZE_MAX, size, api_version, nonce,
-                                       session_id);
+using oemcrypto_core_message::deserialize::CoreLicenseRequestFromMessage;
+using oemcrypto_core_message::deserialize::CoreProvisioningRequestFromMessage;
+using oemcrypto_core_message::deserialize::CoreRenewalRequestFromMessage;
+
+using oemcrypto_core_message::serialize::CreateCoreLicenseResponse;
+using oemcrypto_core_message::serialize::CreateCoreProvisioningResponse;
+using oemcrypto_core_message::serialize::CreateCoreRenewalResponse;
+
+// @ kdo deserialize; odk serialize
+static OEMCryptoResult odk_serialize_LicenseRequest(
+    const void* in, uint8_t* out, size_t* size,
+    const ODK_LicenseRequest& core_license_request,
+    const ODK_NonceValues* nonce_values) {
+  return ODK_PrepareCoreLicenseRequest(out, SIZE_MAX, size, nonce_values);
 }

-static OEMCryptoResult odk_fun_RenewalRequest(
-    uint8_t* out, size_t* size, uint32_t api_version, uint32_t nonce,
-    uint32_t session_id, const ODK_RenewalRequest& core_renewal) {
-  // todo: fuzz ODK_ClockValues
-  ODK_ClockValues clock = {};
-  uint64_t system_time_seconds = core_renewal.playback_time;
-  return ODK_PrepareCoreRenewalRequest(out, SIZE_MAX, size, api_version, nonce,
-                                       session_id, &clock, system_time_seconds);
+static OEMCryptoResult odk_serialize_RenewalRequest(
+    const void* in, uint8_t* out, size_t* size,
+    const ODK_RenewalRequest& core_renewal, ODK_NonceValues* nonce_values) {
+  ODK_ClockValues clock{};
+  memcpy(&clock, in, sizeof(ODK_ClockValues));
+  uint64_t system_time_seconds = core_renewal.playback_time_seconds;
+  return ODK_PrepareCoreRenewalRequest(out, SIZE_MAX, size, nonce_values,
+                                       &clock, system_time_seconds);
 }

-static OEMCryptoResult odk_fun_ProvisioningRequest(
-    uint8_t* out, size_t* size, uint32_t api_version, uint32_t nonce,
-    uint32_t session_id, const ODK_ProvisioningRequest& core_provisioning) {
+static OEMCryptoResult odk_serialize_ProvisioningRequest(
+    const void* in, uint8_t* out, size_t* size,
+    const ODK_ProvisioningRequest& core_provisioning,
+    const ODK_NonceValues* nonce_values) {
  const std::string& device_id = core_provisioning.device_id;
  return ODK_PrepareCoreProvisioningRequest(
-      out, SIZE_MAX, size, api_version, nonce, session_id,
+      out, SIZE_MAX, size, nonce_values,
      reinterpret_cast<const uint8_t*>(device_id.data()), device_id.size());
 }

+/**
+ * Template arguments:
+ * T: kdo deserialize output/odk serialize input structure
+ * F: kdo deserialize function
+ * G: odk serialize function
+ *
+ * raw bytes -> F deserialize -> struct T -> G serialize -> raw bytes
+ */
 template <typename T, typename F, typename G>
 static roundtrip_fun kdo_odk(const F& kdo_fun, const G& odk_fun) {
-  auto roundtrip = [&](const uint8_t* in, uint8_t* out, size_t size) -> size_t {
-    std::string input(reinterpret_cast<const char*>(in), size);
+  auto roundtrip = [&](const uint8_t* in, uint8_t* out, size_t size,
+                       size_t clock_value_size) -> size_t {
+    if (size <= clock_value_size) {
+      return 0;
+    }
+    // Input byte array format: [Clock Values][data to parse]
+    std::string input(reinterpret_cast<const char*>(in) + clock_value_size,
+                      size - clock_value_size);
    T t = {};
    if (!kdo_fun(input, &t)) {
      return 0;
    }
-    OEMCryptoResult err =
-        odk_fun(out, &size, t.api_version, t.nonce, t.session_id, t);
+    ODK_NonceValues nonce_values = {t.api_minor_version, t.api_major_version,
+                                    t.nonce, t.session_id};
+    OEMCryptoResult err = odk_fun(in, out, &size, t, &nonce_values);
    return OEMCrypto_SUCCESS == err ? size : 0;
  };
  return roundtrip;
@@ -70,7 +96,8 @@ static roundtrip_fun kdo_odk(const F& kdo_fun, const G& odk_fun) {
 // @ odk deserialize; kdo serialize
 namespace {
 struct ODK_Common_Args {
-  uint32_t api_version;
+  uint16_t api_minor_version;
+  uint16_t api_major_version;
  uint32_t nonce;
  uint32_t session_id;
 };
@@ -78,6 +105,9 @@ struct ODK_ParseLicense_Args {
  ODK_Common_Args common;
  uint8_t initial_license_load;
  uint8_t usage_entry_present;
+  uint8_t request_hash[32];
+  ODK_TimerLimits timer_limits;
+  ODK_ClockValues clock_values;
 };
 struct ODK_ParseRenewal_Args {
  ODK_Common_Args common;
@@ -92,93 +122,128 @@ struct ODK_ParseProvisioning_Args {
 };
 }  // namespace

-static OEMCryptoResult odk_fun_LicenseResponse(
-    const uint8_t* message, size_t message_length, uint32_t api_version,
-    uint32_t nonce, uint32_t session_id, const ODK_ParseLicense_Args* a,
-    ODK_ParsedLicense& parsed_lic) {
-  return ODK_ParseLicense(
-      message, message_length, api_version, nonce, session_id,
-      static_cast<bool>(a->initial_license_load),
-      static_cast<bool>(a->usage_entry_present), &parsed_lic);
+uint8_t convert_byte_to_valid_boolean(const bool* in) {
+  uint8_t boolean_value;
+  memcpy(&boolean_value, in, 1);
+  return boolean_value % 2;
 }

-static bool kdo_fun_LicenseResponse(const ODK_ParseLicense_Args* args,
-                                    const ODK_ParsedLicense& parsed_lic,
-                                    std::string* oemcrypto_core_message) {
+static OEMCryptoResult odk_deserialize_LicenseResponse(
+    const uint8_t* message, size_t core_message_length,
+    ODK_ParseLicense_Args* a, ODK_NonceValues* nonce_values,
+    ODK_ParsedLicense* parsed_lic) {
+  return ODK_ParseLicense(message, SIZE_MAX, core_message_length,
+                          static_cast<bool>(a->initial_license_load),
+                          static_cast<bool>(a->usage_entry_present),
+                          a->request_hash, &a->timer_limits, &a->clock_values,
+                          nonce_values, parsed_lic);
+}
+
+static bool kdo_serialize_LicenseResponse(const ODK_ParseLicense_Args* args,
+                                          const ODK_ParsedLicense& parsed_lic,
+                                          std::string* oemcrypto_core_message) {
  const auto& common = args->common;
-  ODK_LicenseRequest core_request{common.api_version, common.nonce,
+  ODK_LicenseRequest core_request{common.api_minor_version,
+                                  common.api_major_version, common.nonce,
                                  common.session_id};
-  return CreateCoreLicenseResponse(parsed_lic, core_request,
-                                   oemcrypto_core_message);
+  std::string core_request_sha_256(
+      reinterpret_cast<const char*>(args->request_hash), 32);
+  return CreateCoreLicenseResponse(
+      parsed_lic, core_request, core_request_sha_256, oemcrypto_core_message);
 }

-static OEMCryptoResult odk_fun_RenewalResponse(
-    const uint8_t* buf, size_t len, uint32_t api_version, uint32_t nonce,
-    uint32_t session_id, ODK_ParseRenewal_Args* a,
-    ODK_PreparedRenewalRequest& renewal_msg) {
+static OEMCryptoResult odk_deserialize_RenewalResponse(
+    const uint8_t* buf, size_t len, ODK_ParseRenewal_Args* a,
+    ODK_NonceValues* nonce_values, ODK_PreparedRenewalRequest* renewal_msg) {
+  /* Address Sanitizer doesn't like values other than 0 OR 1 for boolean
+   * variables. Input from fuzzer can be parsed and any random bytes can be
+   * assigned to boolean variables. Using the workaround to mitigate sanitizer
+   * errors in fuzzer code and converting random bytes to 0 OR 1.
+   * This has no negative security impact*/
+  a->timer_limits.soft_enforce_playback_duration =
+      convert_byte_to_valid_boolean(
+          &a->timer_limits.soft_enforce_playback_duration);
+  a->timer_limits.soft_enforce_rental_duration = convert_byte_to_valid_boolean(
+      &a->timer_limits.soft_enforce_rental_duration);
  uint64_t timer_value = 0;
  OEMCryptoResult err =
-      ODK_ParseRenewal(buf, len, api_version, nonce, session_id, a->system_time,
+      ODK_ParseRenewal(buf, SIZE_MAX, len, nonce_values, a->system_time,
                       &a->timer_limits, &a->clock_values, &timer_value);
  if (OEMCrypto_SUCCESS == err) {
    Message* msg = nullptr;
    AllocateMessage(&msg, message_block);
    InitMessage(msg, const_cast<uint8_t*>(buf), len);
    SetSize(msg, len);
-    Unpack_ODK_PreparedRenewalRequest(msg, &renewal_msg);
+    Unpack_ODK_PreparedRenewalRequest(msg, renewal_msg);
    assert(ValidMessage(msg));
  }
  return err;
 }

-static bool kdo_fun_RenewalResponse(
+static bool kdo_serialize_RenewalResponse(
    const ODK_ParseRenewal_Args* args,
    const ODK_PreparedRenewalRequest& renewal_msg,
    std::string* oemcrypto_core_message) {
  const auto& common = args->common;
-  ODK_RenewalRequest core_request{common.api_version, common.nonce,
+  ODK_RenewalRequest core_request{common.api_minor_version,
+                                  common.api_major_version, common.nonce,
                                  common.session_id, renewal_msg.playback_time};
-  return CreateCoreRenewalResponse(core_request, oemcrypto_core_message);
+  return CreateCoreRenewalResponse(
+      core_request, args->timer_limits.initial_renewal_duration_seconds,
+      oemcrypto_core_message);
 }

-static OEMCryptoResult odk_fun_ProvisioningResponse(
-    const uint8_t* buf, size_t len, uint32_t api_version, uint32_t nonce,
-    uint32_t session_id, ODK_ParseProvisioning_Args* a,
-    ODK_ParsedProvisioning& parsed_prov) {
-  return ODK_ParseProvisioning(buf, len, api_version, nonce, session_id,
-                               a->device_id, a->device_id_length, &parsed_prov);
+static OEMCryptoResult odk_deserialize_ProvisioningResponse(
+    const uint8_t* buf, size_t len, ODK_ParseProvisioning_Args* a,
+    ODK_NonceValues* nonce_values, ODK_ParsedProvisioning* parsed_prov) {
+  return ODK_ParseProvisioning(buf, SIZE_MAX, len, nonce_values, a->device_id,
+                               a->device_id_length, parsed_prov);
 }

-static bool kdo_fun_ProvisioningResponse(
+static bool kdo_serialize_ProvisioningResponse(
    const ODK_ParseProvisioning_Args* args,
    const ODK_ParsedProvisioning& parsed_prov,
    std::string* oemcrypto_core_message) {
  const auto& common = args->common;
  assert(args->device_id_length <= sizeof(args->device_id));
  ODK_ProvisioningRequest core_request{
-      common.api_version, common.nonce, common.session_id,
+      common.api_minor_version, common.api_major_version, common.nonce,
+      common.session_id,
      std::string(reinterpret_cast<const char*>(args->device_id),
                  args->device_id_length)};
  return CreateCoreProvisioningResponse(parsed_prov, core_request,
                                        oemcrypto_core_message);
 }

+/**
+ * Template arguments:
+ * A: struct holding function arguments
+ * T: odk deserialize output/kdo serialize input structure
+ * F: odk deserialize function
+ * G: kdo serialize function
+ *
+ * raw bytes -> F deserialize -> struct T -> G serialize -> raw bytes
+ */
 template <typename A, typename T, typename F, typename G>
 static roundtrip_fun odk_kdo(const F& odk_fun, const G& kdo_fun) {
-  auto roundtrip = [&](const uint8_t* in, uint8_t* out, size_t size) -> size_t {
-    if (sizeof(A) > size) {
+  auto roundtrip = [&](const uint8_t* in, uint8_t* out, size_t size,
+                       size_t args_size) -> size_t {
+    // Input byte array format: [function arguments][data to parse]
+    if (args_size > size) {
      return 0;
    }

    T t = {};
-    const uint8_t* buf = in + sizeof(A);
-    size_t len = size - sizeof(A);
+    const uint8_t* buf = in + args_size;
+    size_t len = size - args_size;
    std::shared_ptr<A> _args(new A());
    A* args = _args.get();
-    memcpy(args, in, sizeof(A));
+    memcpy(args, in, args_size);
    const auto& common = args->common;
-    OEMCryptoResult err = odk_fun(buf, len, common.api_version, common.nonce,
-                                  common.session_id, args, t);
+    ODK_NonceValues nonce_values = {common.api_minor_version,
+                                    common.api_major_version, common.nonce,
+                                    common.session_id};
+    OEMCryptoResult err = odk_fun(buf, len, args, &nonce_values, &t);
    if (err != OEMCrypto_SUCCESS) {
      return 0;
    }
@@ -197,33 +262,43 @@ static roundtrip_fun odk_kdo(const F& odk_fun, const G& kdo_fun) {

 // @ fuzz raw -> parsed -> raw
 static void verify_roundtrip(const uint8_t* in, size_t size,
-                             roundtrip_fun roundtrip) {
+                             roundtrip_fun roundtrip, size_t args_size) {
  std::vector<uint8_t> _out(size);
  auto out = _out.data();
-  size_t n = roundtrip(in, out, size);
-  assert(!n || (n <= size && 0 == memcmp(in, out, n)));
+  size_t n = roundtrip(in, out, size, args_size);
+  assert(n <= size && 0 == memcmp(in + args_size, out, n));
 }

+// Entry point for fuzzer, data is random bytes program gets from autofuzzer
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  verify_roundtrip(data, size,
+                   kdo_odk<ODK_LicenseRequest>(CoreLicenseRequestFromMessage,
+                                               odk_serialize_LicenseRequest),
+                   0);
+  verify_roundtrip(data, size,
+                   kdo_odk<ODK_RenewalRequest>(CoreRenewalRequestFromMessage,
+                                               odk_serialize_RenewalRequest),
+                   sizeof(ODK_ClockValues));
  verify_roundtrip(
      data, size,
-      kdo_odk<ODK_LicenseRequest>(ParseLicenseRequest, odk_fun_LicenseRequest));
+      kdo_odk<ODK_ProvisioningRequest>(CoreProvisioningRequestFromMessage,
+                                       odk_serialize_ProvisioningRequest),
+      0);
  verify_roundtrip(
      data, size,
-      kdo_odk<ODK_RenewalRequest>(ParseRenewalRequest, odk_fun_RenewalRequest));
-  verify_roundtrip(data, size,
-                   kdo_odk<ODK_ProvisioningRequest>(
-                       ParseProvisioningRequest, odk_fun_ProvisioningRequest));
-  verify_roundtrip(data, size,
-                   odk_kdo<ODK_ParseLicense_Args, ODK_ParsedLicense>(
-                       odk_fun_LicenseResponse, kdo_fun_LicenseResponse));
-  verify_roundtrip(data, size,
-                   odk_kdo<ODK_ParseRenewal_Args, ODK_PreparedRenewalRequest>(
-                       odk_fun_RenewalResponse, kdo_fun_RenewalResponse));
+      odk_kdo<ODK_ParseLicense_Args, ODK_ParsedLicense>(
+          odk_deserialize_LicenseResponse, kdo_serialize_LicenseResponse),
+      sizeof(ODK_ParseLicense_Args));
  verify_roundtrip(
      data, size,
-      odk_kdo<ODK_ParseProvisioning_Args, ODK_ParsedProvisioning>(
-          odk_fun_ProvisioningResponse, kdo_fun_ProvisioningResponse));
+      odk_kdo<ODK_ParseRenewal_Args, ODK_PreparedRenewalRequest>(
+          odk_deserialize_RenewalResponse, kdo_serialize_RenewalResponse),
+      sizeof(ODK_ParseRenewal_Args));
+  verify_roundtrip(data, size,
+                   odk_kdo<ODK_ParseProvisioning_Args, ODK_ParsedProvisioning>(
+                       odk_deserialize_ProvisioningResponse,
+                       kdo_serialize_ProvisioningResponse),
+                   sizeof(ODK_ParseProvisioning_Args));

  return 0;
 }