widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0bcf8166773a92f86a0b349a0a4b0776a5d8655b
android/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_fuzz_helper.cc
Rahul Frias e4cde22826 Merge of OEMCrypto fuzz test CLs 
----------------------------------------------------------------------

Fix oemcrypto_generic_verify_fuzz mutator signature offset

[ Merge of http://go/wvgerrit/165899 ]

Merged from https://widevine-internal-review.googlesource.com/165598

Change-Id: I85574fcd62622d2954c306688e04ecfda333c0cb

----------------------------------------------------------------------

Fix regressions in oemcrypto_decrypt_cenc_fuzz

[ Merge of http://go/wvgerrit/162151 ]

Fix null-dereference of subsamples vector and potential memory leak due
to parsing errors.

Bug: 260005865
Bug: 260013015

Merged from https://widevine-internal-review.googlesource.com/162081

Change-Id: I91bf1baa726803b2a0073ff3db94e69719d377bb

----------------------------------------------------------------------

Add custom mutator to oemcrypto_generic_verify_fuzz

[ Merge of http://go/wvgerrit/161578 ]

Enable fuzzing mutations beyond changing the signature length.

Merged from https://widevine-internal-review.googlesource.com/159917

Change-Id: I022d752107b788bd45aafb8325e3186ef90336de

----------------------------------------------------------------------

Refactor oemcrypto_decrypt_cenc_fuzz

[ Merge of http://go/wvgerrit/161546 ]

Refactor to minimize the required corpus length, fuzz the sample input
data, and avoid undefined behavior related to filling
OEMCrypto_DestBufferDesc::buffer with fuzzed data.

Merged from https://widevine-internal-review.googlesource.com/159618

Change-Id: Id9af8b1704d4619ba88ab8de3adb35d5f8bb69f6

----------------------------------------------------------------------

Refactor oemcrypto_copy_buffer_fuzz

[ Merge of http://go/wvgerrit/161307 ]

Refactor to minimize the required corpus length, fuzz the output buffer
length, and avoid undefined behavior related to filling
OEMCrypto_DestBufferDesc::buffer with fuzzed data.

Merged from https://widevine-internal-review.googlesource.com/159617

Change-Id: Ieddc6260e5eca641f8409a9b361ca4e5a40d6f52

----------------------------------------------------------------------

Improve AddressSanitizer coverage for LoadEntitledContentKeys fuzzing

[ Merge of http://go/wvgerrit/161397 ]

Split fuzzed message into separate buffer so AddressSanitizer can detect
out-of-bounds accesses.

Merged from https://widevine-internal-review.googlesource.com/161277

----------------------------------------------------------------------

Avoid copying fuzzed data when separator splitting

[ Merge of http://go/wvgerrit/161120 ]

Merged from https://widevine-internal-review.googlesource.com/159497

Change-Id: I2b13ff34eee74c8aea9a8176aa711e3e2bc57add

----------------------------------------------------------------------

Fix oemcrypto_opk_dispatcher_fuzz

[ Merge of http://go/wvgerrit/161119 ]

Set ODK_Message size and add timestamp field to initialization requests.

Merged from https://widevine-internal-review.googlesource.com/159897

Change-Id: Ide51d1cb4119a396212d1802411cfa19f5792e9d

----------------------------------------------------------------------

Cover empty buffers in fuzz tests

[ Merge of http://go/wvgerrit/161018 ]

Update tests that avoid passing empty buffers to OEMCrypto API methods.

Merged from https://widevine-internal-review.googlesource.com/159317

Change-Id: If0d8007e3294820654b081fe813a09485e757f1c

----------------------------------------------------------------------

Fix cherry pick of "Improve buffer size distribution in fuzz tests"

[ Merge of http://go/wvgerrit/161022 ]

Change-Id: I8b0440fe13b513396b5779c25e6a46ac40eaa183

----------------------------------------------------------------------

Improve buffer size distribution in fuzz tests

[ Merge of http://go/wvgerrit/160957 ]

When a buffer size is fuzzed, use the modulo operation, instead of
std::min, to create an even distribution.

Merged from https://widevine-internal-review.googlesource.com/159157

Change-Id: I3c1168c7a7d739793005927a97af18de5df2e4c6

----------------------------------------------------------------------

Improve AddressSanitizer coverage in fuzz tests

[ Merge of http://go/wvgerrit/160464 ]

Split fuzzed data into separate buffers so AddressSanitizer can detect
all out-of-bounds accesses.

Merged from https://widevine-internal-review.googlesource.com/158977

Change-Id: I7ca67409b7c6f96548e21ab41f6caf99f738605d
2023-02-28 00:40:35 +00:00

66 lines
2.4 KiB
C++
Raw Blame History

// Copyright 2020 Google LLC. All Rights Reserved. This file and proprietary
// source code may only be used and distributed under the Widevine
// License Agreement.
#include "oemcrypto_fuzz_helper.h"
namespace wvoec {
void RedirectStdoutToFile() { freopen("log.txt", "a", stdout); }
std::vector<FuzzedData> SplitFuzzedData(const uint8_t* data, size_t size) {
std::vector<FuzzedData> result;
const uint8_t* const end = data + size;
// Using memmem to find separator.
while (
const uint8_t* const separator = reinterpret_cast<const uint8_t*>(memmem(
data, end - data, kFuzzDataSeparator, sizeof(kFuzzDataSeparator)))) {
result.push_back({data, static_cast<size_t>(separator - data)});
data = separator + sizeof(kFuzzDataSeparator);
}
if (data < end) {
result.push_back({data, static_cast<size_t>(end - data)});
}
return result;
}
void OEMCryptoLicenseAPIFuzz::LoadLicense() {
license_messages_.SignAndVerifyRequest();
license_messages_.CreateDefaultResponse();
license_messages_.EncryptAndSignResponse();
OEMCryptoResult sts = license_messages_.LoadResponse();
CheckStatusAndExitFuzzerOnFailure(sts, OEMCrypto_SUCCESS);
}
void OEMCryptoProvisioningAPIFuzz::LoadProvisioning() {
provisioning_messages_.SignAndVerifyRequest();
provisioning_messages_.CreateDefaultResponse();
provisioning_messages_.EncryptAndSignResponse();
OEMCryptoResult sts = provisioning_messages_.LoadResponse();
CheckStatusAndExitFuzzerOnFailure(sts, OEMCrypto_SUCCESS);
}
void LicenseWithUsageEntryFuzz::CreateUsageTableHeader() {
size_t header_buffer_length = 0;
OEMCryptoResult sts =
OEMCrypto_CreateUsageTableHeader(nullptr, &header_buffer_length);
encrypted_usage_header_.resize(header_buffer_length);
sts = OEMCrypto_CreateUsageTableHeader(encrypted_usage_header_.data(),
&header_buffer_length);
CheckStatusAndExitFuzzerOnFailure(sts, OEMCrypto_SUCCESS);
}
void LicenseWithUsageEntryFuzz::LoadLicense() {
license_messages_.SignAndVerifyRequest();
license_messages_.CreateDefaultResponse();
license_messages_.EncryptAndSignResponse();
OEMCryptoResult sts = license_messages_.LoadResponse();
CheckStatusAndExitFuzzerOnFailure(sts, OEMCrypto_SUCCESS);
}
void CheckStatusAndExitFuzzerOnFailure(OEMCryptoResult result,
OEMCryptoResult expected_status) {
if (result != expected_status) {
abort();
}
}
} // namespace wvoec
Reference in New Issue View Git Blame Copy Permalink