/* * Copyright (C) 2023 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at: * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * */ #include "service_certificate.h" #include "vendor_widevine_fuzz_helper.h" #include "wv_cdm_event_listener.h" #include "wv_cdm_types.h" #include #include #include #include using namespace wvcdm; using namespace video_widevine; static constexpr int32_t kMaxNum = 3; static constexpr int32_t kMinNum = 0; static constexpr int32_t kMaxByte = 256; class ServiceCertificateFuzzer { public: ServiceCertificateFuzzer(const uint8_t *data, size_t size) : mFdp(data, size){}; void process(); private: FuzzedDataProvider mFdp; }; void ServiceCertificateFuzzer::process() { EncryptedClientIdentification encryptedClientId; ClientIdentification clearClientId; ServiceCertificate serviceCertificate; while (mFdp.remaining_bytes()) { auto invokeServiceCertificateAPI = mFdp.PickValueInArray>({ [&]() { FuzzCdmClientPropertySet propertySet(&mFdp); propertySet.enable_privacy_mode(); propertySet.set_service_certificate(kTestSignedCertificate); PropertiesTestPeer::ForceReinit(); PropertiesTestPeer::AddSessionPropertySet( mFdp.ConsumeBool() ? kTestSessionId1 : mFdp.ConsumeRandomLengthString(kMaxByte), &propertySet); std::string rawServiceCertificate; PropertiesTestPeer::GetServiceCertificate( mFdp.ConsumeBool() ? kTestSessionId1 : mFdp.ConsumeRandomLengthString(kMaxByte), &rawServiceCertificate); if (mFdp.ConsumeBool()) { serviceCertificate.Init(mFdp.ConsumeBool() ? rawServiceCertificate : kTestSignedCertificate); } else { serviceCertificate.Init( mFdp.ConsumeRandomLengthString(kMaxByte)); } }, [&]() { serviceCertificate.VerifySignedMessage( mFdp.ConsumeRandomLengthString(kMaxByte) /*message*/, mFdp.ConsumeRandomLengthString(kMaxByte) /*signature*/); }, [&]() { CdmKeyMessage signedCertificate = mFdp.ConsumeRandomLengthString(kMaxByte); serviceCertificate.ParseResponse( mFdp.ConsumeRandomLengthString(kMaxByte) /*response*/, mFdp.ConsumeBool() ? nullptr : &signedCertificate /*signed_certificate*/); }, [&]() { CdmKeyMessage request; serviceCertificate.GetRequest(mFdp.ConsumeBool() ? nullptr : &request); }, [&]() { /** * crypto_session object is not used in EncryptClientId. * Therefore keeping crypto_session as nullptr. */ ClientIdentification_ClientCapabilities *clientCapabilities = clearClientId.mutable_client_capabilities(); /** * Default value of clientCapabilities is false. * So passing true to all set methods. */ int32_t clientCase = mFdp.ConsumeIntegralInRange(kMinNum, kMaxNum); switch (clientCase) { case 0: clientCapabilities->set_client_token(true /*Value*/); break; case 1: clientCapabilities->set_session_token(true /*Value*/); break; case 2: clientCapabilities->set_video_resolution_constraints( true /*Value*/); break; default: break; } serviceCertificate.EncryptClientId(nullptr /*crypto_session*/, &clearClientId, &encryptedClientId); }, }); invokeServiceCertificateAPI(); } } extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { ServiceCertificateFuzzer serviceCertificateFuzzer(data, size); serviceCertificateFuzzer.process(); return 0; }