# Fuzzers for libcdm

## Table of contents
+ [policy_engine_fuzzer](#PolicyEngine)
+ [content_decryption_fuzzer](#ContentDecryption)
+ [system_id_extractor_fuzzer](#SystemIdExtractor)
+ [service_certificate_fuzzer](#ServiceCertificate)
+ [policy_timers_fuzzer](#PolicyTimers)
+ [privacy_crypto_fuzzer](#PrivacyCrypto)
+ [cdm_license_fuzzer](#CdmLicense)
+ [crypto_session_fuzzer](#CryptoSession)
+ [buffer_reader_fuzzer](#BufferReader)
+ [cdm_engine_fuzzer](#CdmEngine)
+ [certificate_provisioning_fuzzer](#CertificateProvisioning)
+ [device_files_fuzzer](#DeviceFile)
+ [cdm_session_fuzzer](#CdmSession)

# <a name="PolicyEngine"></a> Fuzzer for PolicyEngine

PolicyEngine supports the following parameters:
1. SigningKeyId (parameter name: "kSigningKeyId")
2. RenewalServerUrl (parameter name: "kRenewalServerUrl")
3. EntitlementKeyId (parameter name: "kEntitlementKeyId")

| Parameter| Valid Values| Configured Value|
|------------- |-------------| ----- |
|`kSigningKeyId`| `String` |Value obtained from FuzzedDataProvider|
|`kRenewalServerUrl`| `String` |Value obtained from FuzzedDataProvider|
|`kEntitlementKeyId`| `String` |Value obtained from FuzzedDataProvider|

#### Steps to run
1. Build the fuzzer
```
  $ mm -j$(nproc) policy_engine_fuzzer
```
2. Run on device
```
  $ adb sync data
  $ adb shell /data/fuzz/arm64/policy_engine_fuzzer/vendor/policy_engine_fuzzer
```

# <a name="ContentDecryption"></a> Fuzzer for ContentDecryption

ContentDecryption supports the following parameters:
1. Cert Authority (parameter name: "certAuthority")
2. Server Url (parameter name: "serverUrl")
3. Service Certificate (parameter name: "serviceCertificate")

| Parameter| Valid Values| Configured Value|
|------------- |-------------| ----- |
|`certAuthority`| `String` |Value obtained from FuzzedDataProvider|
|`serverUrl`| `String` |Value obtained from FuzzedDataProvider|
|`serviceCertificate`| `String` |Value obtained from FuzzedDataProvider|

#### Steps to run
1. Build the fuzzer
```
  $ mm -j$(nproc) content_decryption_fuzzer
```
2. Run on device
```
  $ adb sync data
  $ adb shell /data/fuzz/arm64/content_decryption_fuzzer/vendor/content_decryption_fuzzer
```

# <a name="SystemIdExtractor"></a> Fuzzer for SystemIdExtractor

SystemIdExtractor supports the following parameters:
1. OEM Cert (parameter name: "oemCert")
2. Key Data (parameter name: "keyData")
3. System Id (parameter name: "mSystemId")

| Parameter| Valid Values| Configured Value|
|------------- |-------------| ----- |
|`oemCert`| `String` |Value obtained from FuzzedDataProvider|
|`keyData`| `String` |Value obtained from FuzzedDataProvider|
|`mSystemId`| `Integer in range 0 to 256` |Value obtained from FuzzedDataProvider|

#### Steps to run
1. Build the fuzzer
```
  $ mm -j$(nproc) system_id_extractor_fuzzer
```
2. Run on device
```
  $ adb sync data
  $ adb shell /data/fuzz/arm64/system_id_extractor_fuzzer/vendor/system_id_extractor_fuzzer
```

# <a name="ServiceCertificate"></a> Fuzzer for ServiceCertificate

ServiceCertificate supports the following parameters:
1. Message (parameter name: "message")
2. Signature (parameter name: "signature")
3. Request (parameter name: "request")

| Parameter| Valid Values| Configured Value|
|------------- |-------------| ----- |
|`message`| `String` |Value obtained from FuzzedDataProvider|
|`signature`| `String` |Value obtained from FuzzedDataProvider|
|`request`| `String` |Value obtained from FuzzedDataProvider|

#### Steps to run
1. Build the fuzzer
```
  $ mm -j$(nproc) service_certificate_fuzzer
```
2. Run on device
```
  $ adb sync data
  $ adb shell /data/fuzz/arm64/service_certificate_fuzzer/vendor/service_certificate_fuzzer
```

# <a name="PolicyTimers"></a> Fuzzer for PolicyTimers

PolicyTimers supports the following parameters:
1. Seconds Since Last Played (parameter name: "secondsSinceLastPlayed")
2. Expiry Time (parameter name: "expiryTime")

| Parameter| Valid Values| Configured Value|
|------------- |-------------| ----- |
|`secondsSinceLastPlayed`| `Integer` |Value obtained from FuzzedDataProvider|
|`expiryTime`| `Interger` |Value obtained from FuzzedDataProvider|

#### Steps to run
1. Build the fuzzer
```
  $ mm -j$(nproc) policy_timers_fuzzer
```
2. Run on device
```
  $ adb sync data
  $ adb shell /data/fuzz/arm64/policy_timers_fuzzer/vendor/policy_timers_fuzzer
```

# <a name="PrivacyCrypto"></a> Fuzzer for PrivacyCrypto

PrivacyCrypto supports the following parameters:
1. Message (parameter name: "message")
2. Key (parameter name: "key")
3. Iv (parameter name: "iv")
4. Data (parameter name: 'data')
5. CertIndex (parameter name: 'certIndex')

| Parameter| Valid Values| Configured Value|
|------------- |-------------| ----- |
|`message`| `String` |Value obtained from FuzzedDataProvider|
|`key`| `String` |Value obtained from FuzzedDataProvider|
|`iv`| `String` |Value obtained from FuzzedDataProvider|
|`data`| `String` |Value obtained from FuzzedDataProvider|
|`certIndex`| `Integer` |Value obtained from FuzzedDataProvider|

#### Steps to run
1. Build the fuzzer
```
  $ mm -j$(nproc) privacy_crypto_fuzzer
```
2. Run on device
```
  $ adb sync data
  $ adb shell /data/fuzz/arm64/privacy_crypto_fuzzer/vendor/privacy_crypto_fuzzer
```
# <a name="CdmLicense"></a> Fuzzer for CdmLicense

CdmLicense supports the following parameters:
1. InitiDataType (parameter name: "kInitiDataType")
2. ProtectionScheme (parameter name: "kProtectionScheme")
3. SecurityLevel (parameter name: "kSecurityLevel")
4. SignedType(parameter name: "kSignedType")


| Parameter| Valid Values| Configured Value|
|------------- |-------------| ----- |
|`kInitiDataType`| 1. `video/mp4` <br> 2. `video/webm` <br> 3. `cenc` <br> 4. `hls` <br> 5. `webm` <br> |Value obtained from FuzzedDataProvider|
|`kProtectionScheme`| 1. `0x63626331` <br> 2. `0x63626373` <br> 3. `0x31636263` <br> 4. `0x73636263` <br> 5. `0x63656e63` <br>  |Value obtained from FuzzedDataProvider|
|`kSecurityLevel`| 1. `QUERY_VALUE_SECURITY_LEVEL_L1` <br> 2. `QUERY_VALUE_SECURITY_LEVEL_L2` <br> 3. `QUERY_VALUE_SECURITY_LEVEL_L3` <br> |Value obtained from FuzzedDataProvider|
|`kSignedType`| 1. `SignedMessage::LICENSE` <br> 2.`SignedMessage::SERVICE_CERTIFICATE` <br> 3. `SignedMessage::ERROR_RESPONSE`|Value obtained from FuzzedDataProvider|


#### Steps to run
1. Build the fuzzer
```
  $ mm -j$(nproc) cdm_license_fuzzer
```
2. Run on device
```
  $ adb sync data
  $ adb shell /data/fuzz/arm64/cdm_license_fuzzer/vendor/cdm_license_fuzzer
```
# <a name="CryptoSession"></a> Fuzzer for CryptoSession

CryptoSession supports the following parameters:
1. token (parameter name: "token")
2. signed_message (parameter name: "signed_message")
3. signature (parameter name: "signature")
4. provider_session_token (parameter name: "signature")

| Parameter| Valid Values| Configured Value|
|------------- |-------------| ----- |
|`token`| `String` |Value obtained from FuzzedDataProvider|
|`signed_message`| `String` |Value obtained from FuzzedDataProvider|
|`signature`| `String` |Value obtained from FuzzedDataProvider|
|`provider_session_token`| `String` |Value obtained from FuzzedDataProvider|

#### Steps to run
1. Build the fuzzer
```
  $ mm -j$(nproc) crypto_session_fuzzer
```
2. Run on device
```
  $ adb sync data
  $ adb shell LD_LIBRARY_PATH=/vendor/lib64 /data/fuzz/arm64/crypto_session_fuzzer/vendor/crypto_session_fuzzer
```

# <a name="BufferReader"></a> Fuzzer for BufferReader

BufferReader supports the following parameters:
1. Buffer reader data (parameter name: "rawData")
2. Init data types (parameter name: "initDataType")
3. HLS methods (parameter name:"hlsMethod")

| Parameter| Valid Values| Configured Value|
|------------- |-------------| ----- |
|`rawData`| `Vector` |Value obtained from FuzzedDataProvider|
|`initDataType`| 1.`HLS_INIT_DATA_FORMAT` 2.`ISO_BMFF_VIDEO_MIME_TYPE` 3.`ISO_BMFF_AUDIO_MIME_TYPE` 4.`CENC_INIT_DATA_FORMAT` 5.`WEBM_VIDEO_MIME_TYPE` 6.`WEBM_AUDIO_MIME_TYPE` 7.`WEBM_INIT_DATA_FORMAT` |Value obtained from FuzzedDataProvider|
|`hlsMethod`| 1.`HLS_METHOD_AES_128` 2.`HLS_METHOD_NONE` 3.`HLS_METHOD_SAMPLE_AES` |Value obtained from FuzzedDataProvider|

#### Steps to run
1. Build the fuzzer
```
  $ mm -j$(nproc) buffer_reader_fuzzer
```
2. Run on device
```
  $ adb sync data
  $ adb shell /data/fuzz/arm64/buffer_reader_fuzzer/vendor/buffer_reader_fuzzer
```

# <a name="CdmEngine"></a> Fuzzer for CdmEngine

CdmEngine supports the following parameters:
1. Key System (parameter name: "keySystem")
2. Level (parameter name: "level")
3. Frame Number (parameter name: "frameNum")
4. Spoid (parameter name: "spoid")

| Parameter| Valid Values| Configured Value|
|------------- |-------------| ----- |
|`keySystem`| `String` |Value obtained from FuzzedDataProvider|
|`level`| `int32_t` |Value obtained from FuzzedDataProvider|
|`frameNum`| `unit32_t` |Value obtained from FuzzedDataProvider|
|`spoid`| `String` |Value obtained from FuzzedDataProvider|

#### Steps to run
1. Build the fuzzer
```
  $ mm -j$(nproc) cdm_engine_fuzzer
```
2. Run on device
```
  $ adb sync data
  $ adb shell LD_LIBRARY_PATH=/vendor/lib64 /data/fuzz/arm64/cdm_engine_fuzzer/vendor/cdm_engine_fuzzer
```
# <a name="CertificateProvisioning"></a> Fuzzer for CertificateProvisioning

CertificateProvisioning supports the following parameters:
1. service_certificate (parameter name: "service_certificate")
2. responseMessage (parameter name: "response")
3. type (parameter name: "type")

| Parameter| Valid Values| Configured Value|
|------------- |-------------| ----- |
|`service_certificate`| `String` |Value obtained from FuzzedDataProvider|
|`responseMessage`| `String` |Value obtained from FuzzedDataProvider|
|`type`| 1. `ResponseType::kNoError` <br> 2. `ResponseType::kResponseTypeBase` <br> 3. `ResponseType::kObjectNotInitialized` <br> 4. `ResponseType::kParameterNull` <br> 5. `ResponseType::kBasePathUnavailable` <br> 6. `ResponseType::kFileOpenFailed` <br> 7. `ResponseType::kFileWriteError` <br> 8. `ResponseType::kFileReadError` <br> 9. `ResponseType::kInvalidFileSize` <br> 10. `ResponseType::kHashComputationFailed` <br> 11. `ResponseType::kFileHashMismatch` <br> 12. `ResponseType::kFileParseError1` <br> 13. `ResponseType::kFileParseError2` <br> 14. `ResponseType::kUnknownLicenseState` <br> 15. `ResponseType::kIncorrectFileType` <br> 16. `ResponseType::kIncorrectFileVersion` <br> 17. `ResponseType::kLicenseNotPresent` |Value obtained from FuzzedDataProvider|

#### Steps to run
1. Build the fuzzer
```
  $ mm -j$(nproc) certificate_provisioning_fuzzer
```
2. Run on device
```
  $ adb sync data
  $ adb shell /data/fuzz/arm64/certificate_provisioning_fuzzer/vendor/certificate_provisioning_fuzzer
```

# <a name="DeviceFile"></a> Fuzzer for DeviceFile

DeviceFile supports the following parameters:
1. AtscModeEnabled (parameter name: "atsc_mode_enabled")

| Parameter| Valid Values| Configured Value|
|------------- |-------------| ----- |
|`AtscModeEnabled`| `Bool` |Value obtained from FuzzedDataProvider|

#### Steps to run
1. Build the fuzzer
```
  $ mm -j$(nproc) device_files_fuzzer
```
2. Run on device
```
  $ adb sync data
  $ adb shell /data/fuzz/arm64/device_files_fuzzer/vendor/device_files_fuzzer
```

# <a name="CdmSession"></a> Fuzzer for CdmSession

CdmSession supports the following parameters:
1. CdmKeyResponse (parameter name: "key_response")
2. CdmSessionId (parameter name: "forced_session_id")
3. KeyId (parameter name:"key_id")

| Parameter| Valid Values| Configured Value|
|------------- |-------------| ----- |
|`key_response`| `String` |Value obtained from FuzzedDataProvider|
|`forced_session_id`| `String` |Value obtained from FuzzedDataProvider|
|`key_id`| `String` |Value obtained from FuzzedDataProvider|

#### Steps to run
1. Build the fuzzer
```
  $ mm -j$(nproc) cdm_session_fuzzer
```
2. Run on device
```
  $ adb sync data
  $ adb shell /data/fuzz/arm64/cdm_session_fuzzer/vendor/cdm_session_fuzzer
```