Merge oemcrypto fuzz tests into Android main

Change-Id: If7fb815fa6193ddfe9a94e925356cc177ae3bacc

libwvdrmengine/oemcrypto/test/oec_session_util.cpp

@@ -713,19 +713,19 @@ void LicenseRoundTrip::InjectFuzzedTimerLimits(
 
 void LicenseRoundTrip::InjectFuzzedResponseData(const uint8_t* data,
                                                 size_t size) {
-  // Interpreting fuzz data as unencrypted core_response + message_data
+  // Interpreting fuzz data as unencrypted core_response + response_data +
+  // key_array
   FuzzedData fuzzed_data(data, size);
 
   // Copy core_response from data.
   fuzzed_data.Fill(&core_response_, sizeof(core_response_));
 
-  // Maximum number of keys could be kMaxNumKeys(30). key_array_length can be
-  // any random value as it is read from fuzz data.
-  // Key data array(MessageKeyData keys[kMaxNumKeys]) will be looped over
-  // key_array_length number of times during LoadLicense. If key_array_length is
-  // more than kMaxNumKeys, setting it to max value of kMaxNumKeys as we should
-  // not go out of bounds of this array length. For corpus, this value is
-  // already hard coded to 4.
+  // Copy response_data from data.
+  fuzzed_data.Fill(&response_data_, sizeof(response_data_));
+
+  // If key_array_length is more than kMaxNumKeys, we set it to kMaxNumKeys to
+  // prevent it from going out of bounds. For corpus, this value is already hard
+  // coded to 4.
   if (core_response_.key_array_length > kMaxNumKeys) {
     core_response_.key_array_length = kMaxNumKeys;
   }
@@ -733,6 +733,13 @@ void LicenseRoundTrip::InjectFuzzedResponseData(const uint8_t* data,
   // For corpus data, this value gets set to 4, but we need to test other
   // scenarios too, hence reading key_array_length value.
   set_num_keys(core_response_.key_array_length);
+
+  // Copy key_array from data.
+  key_array_.resize(num_keys_);
+  core_response_.key_array = key_array_.data();
+  fuzzed_data.Fill(core_response_.key_array,
+                   num_keys_ * sizeof(*core_response_.key_array));
+
   ConvertDataToValidBools(&core_response_);
 
   // TODO(b/157520981): Once assertion bug is fixed, for loop can be removed.
@@ -753,11 +760,9 @@ void LicenseRoundTrip::InjectFuzzedResponseData(const uint8_t* data,
     }
   }
 
-  // Copy response_data from data and set nonce to match one in request to pass
-  // nonce validations.
-  fuzzed_data.Fill(&response_data_, sizeof(response_data_));
+  // Set nonce to match one in request to pass nonce validations.
   for (uint32_t i = 0; i < num_keys_; ++i) {
-    response_data_.keys[i].control.nonce = session()->nonce();
+    response_data_.keys[i].control.nonce = htonl(session()->nonce());
   }
 }
 
@@ -950,11 +955,14 @@ OEMCryptoResult LicenseRoundTrip::LoadResponse(Session* session,
     const std::string file_name =
         GetFileName("oemcrypto_load_license_fuzz_seed_corpus");
     // Corpus for license response fuzzer should be in the format:
-    // core_response + response_data.
+    // core_response + response_data + key_array.
     AppendToFile(file_name, reinterpret_cast<const char*>(&core_response_),
-                 sizeof(ODK_ParsedLicense));
+                 sizeof(core_response_));
     AppendToFile(file_name, reinterpret_cast<const char*>(&response_data_),
                  sizeof(response_data_));
+    AppendToFile(
+        file_name, reinterpret_cast<const char*>(core_response_.key_array),
+        core_response_.key_array_length * sizeof(*core_response_.key_array));
   }
 
   // Some tests adjust the offset to be beyond the length of the message.  Here,