// Copyright 2020 Google LLC. All Rights Reserved. This file and proprietary // source code may only be used and distributed under the Widevine // License Agreement. #include #include "FuzzedDataProvider.h" #include "OEMCryptoCENC.h" #include "oec_session_util.h" #include "oemcrypto_fuzz_helper.h" #include "oemcrypto_fuzz_structs.h" namespace { // Avoid calling non-trivial destructor. wvoec::OEMCryptoLicenseAPIFuzz& license_api_fuzz = *new wvoec::OEMCryptoLicenseAPIFuzz; } // namespace extern "C" int LLVMFuzzerInitialize(int* argc, char*** argv) { wvoec::RedirectStdoutToFile(); license_api_fuzz.Initialize(); license_api_fuzz.LoadLicenseWithGenericCryptoKeys(); return 0; } extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { // Split data using separator. const std::vector inputs = wvoec::SplitFuzzedData(data, size); if (inputs.size() < 2) { return 0; } // Deserialize fuzzed data. wvoec::OEMCrypto_Generic_Api_Fuzz fuzzed_structure; if (inputs[0].size < sizeof(fuzzed_structure)) { return 0; } FuzzedDataProvider fuzzed_data(inputs[0].data, inputs[0].size); fuzzed_data.ConsumeData(&fuzzed_structure, sizeof(fuzzed_structure)); wvoec::ConvertDataToValidEnum(OEMCrypto_CipherMode_MaxValue, fuzzed_structure.cipher_mode); wvoec::ConvertDataToValidEnum(OEMCrypto_Algorithm_MaxValue, fuzzed_structure.algorithm); const std::vector buffer = fuzzed_data.ConsumeRemainingBytes(); const std::vector signature(inputs[1].data, inputs[1].data + inputs[1].size); // Select key and verify. wvoec::Session& session = license_api_fuzz.session(); std::vector key_handle; wvoec::GetKeyHandleIntoVector(session.session_id(), session.license().keys[3].key_id, session.license().keys[3].key_id_length, fuzzed_structure.cipher_mode, key_handle); OEMCrypto_Generic_Verify(key_handle.data(), key_handle.size(), buffer.data(), buffer.size(), fuzzed_structure.algorithm, signature.data(), signature.size()); return 0; }