57b391c8b9
- Update ConvertDataToValidEnum to not use FuzzedDataProvider since it causes unexpected parsing results. - Add OEMCryptoLicenseAPIFuzz::LoadLicenseWithGenericCryptoKeys so that generic crypto fuzz tests can load appropriate keys. - Remove custom mutator from oemcrypto_generic_verify_fuzz because it provides minimal additional coverage. - Refresh affected corpus files. Merged from https://widevine-internal-review.googlesource.com/168557 Merged from https://widevine-internal-review.googlesource.com/171191 Merged from https://widevine-internal-review.googlesource.com/172170 Merged from https://widevine-internal-review.googlesource.com/172250 Change-Id: Ie676a36cbf4c12bdda9566fad3590a7b69168d9c
62 lines
2.3 KiB
C++
62 lines
2.3 KiB
C++
// Copyright 2020 Google LLC. All Rights Reserved. This file and proprietary
|
|
// source code may only be used and distributed under the Widevine
|
|
// License Agreement.
|
|
|
|
#include <vector>
|
|
|
|
#include "FuzzedDataProvider.h"
|
|
#include "OEMCryptoCENC.h"
|
|
#include "oemcrypto_fuzz_helper.h"
|
|
#include "oemcrypto_fuzz_structs.h"
|
|
|
|
namespace {
|
|
|
|
// Avoid calling non-trivial destructor.
|
|
wvoec::OEMCryptoLicenseAPIFuzz& license_api_fuzz =
|
|
*new wvoec::OEMCryptoLicenseAPIFuzz;
|
|
|
|
} // namespace
|
|
|
|
extern "C" int LLVMFuzzerInitialize(int* argc, char*** argv) {
|
|
wvoec::RedirectStdoutToFile();
|
|
license_api_fuzz.Initialize();
|
|
license_api_fuzz.LoadLicenseWithGenericCryptoKeys();
|
|
return 0;
|
|
}
|
|
|
|
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
|
|
wvoec::OEMCrypto_Generic_Api_Fuzz fuzzed_structure;
|
|
if (size < sizeof(fuzzed_structure)) {
|
|
return 0;
|
|
}
|
|
// Copy OEMCrypto_Generic_Api_Fuzz from input data.
|
|
FuzzedDataProvider fuzzed_data(data, size);
|
|
fuzzed_data.ConsumeData(&fuzzed_structure, sizeof(fuzzed_structure));
|
|
wvoec::ConvertDataToValidEnum(OEMCrypto_CipherMode_MaxValue,
|
|
fuzzed_structure.cipher_mode);
|
|
wvoec::ConvertDataToValidEnum(OEMCrypto_Algorithm_MaxValue,
|
|
fuzzed_structure.algorithm);
|
|
// Copy clear buffer from input data.
|
|
const std::vector<uint8_t> clear_buffer =
|
|
fuzzed_data.ConsumeRemainingBytes<uint8_t>();
|
|
|
|
// Select key and sign.
|
|
wvoec::Session& session = license_api_fuzz.session();
|
|
std::vector<uint8_t> key_handle;
|
|
wvoec::GetKeyHandleIntoVector(session.session_id(),
|
|
session.license().keys[2].key_id,
|
|
session.license().keys[2].key_id_length,
|
|
fuzzed_structure.cipher_mode, key_handle);
|
|
size_t signature_length = 0;
|
|
OEMCrypto_Generic_Sign(key_handle.data(), key_handle.size(),
|
|
clear_buffer.data(), clear_buffer.size(),
|
|
fuzzed_structure.algorithm, nullptr,
|
|
&signature_length);
|
|
std::vector<uint8_t> signature(signature_length);
|
|
OEMCrypto_Generic_Sign(key_handle.data(), key_handle.size(),
|
|
clear_buffer.data(), clear_buffer.size(),
|
|
fuzzed_structure.algorithm, signature.data(),
|
|
&signature_length);
|
|
return 0;
|
|
}
|