widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0bcf8166773a92f86a0b349a0a4b0776a5d8655b
android/libwvdrmengine/oemcrypto/test/fuzz_tests/oemcrypto_fuzz_structs.h
Rahul Frias e4cde22826 Merge of OEMCrypto fuzz test CLs 
----------------------------------------------------------------------

Fix oemcrypto_generic_verify_fuzz mutator signature offset

[ Merge of http://go/wvgerrit/165899 ]

Merged from https://widevine-internal-review.googlesource.com/165598

Change-Id: I85574fcd62622d2954c306688e04ecfda333c0cb

----------------------------------------------------------------------

Fix regressions in oemcrypto_decrypt_cenc_fuzz

[ Merge of http://go/wvgerrit/162151 ]

Fix null-dereference of subsamples vector and potential memory leak due
to parsing errors.

Bug: 260005865
Bug: 260013015

Merged from https://widevine-internal-review.googlesource.com/162081

Change-Id: I91bf1baa726803b2a0073ff3db94e69719d377bb

----------------------------------------------------------------------

Add custom mutator to oemcrypto_generic_verify_fuzz

[ Merge of http://go/wvgerrit/161578 ]

Enable fuzzing mutations beyond changing the signature length.

Merged from https://widevine-internal-review.googlesource.com/159917

Change-Id: I022d752107b788bd45aafb8325e3186ef90336de

----------------------------------------------------------------------

Refactor oemcrypto_decrypt_cenc_fuzz

[ Merge of http://go/wvgerrit/161546 ]

Refactor to minimize the required corpus length, fuzz the sample input
data, and avoid undefined behavior related to filling
OEMCrypto_DestBufferDesc::buffer with fuzzed data.

Merged from https://widevine-internal-review.googlesource.com/159618

Change-Id: Id9af8b1704d4619ba88ab8de3adb35d5f8bb69f6

----------------------------------------------------------------------

Refactor oemcrypto_copy_buffer_fuzz

[ Merge of http://go/wvgerrit/161307 ]

Refactor to minimize the required corpus length, fuzz the output buffer
length, and avoid undefined behavior related to filling
OEMCrypto_DestBufferDesc::buffer with fuzzed data.

Merged from https://widevine-internal-review.googlesource.com/159617

Change-Id: Ieddc6260e5eca641f8409a9b361ca4e5a40d6f52

----------------------------------------------------------------------

Improve AddressSanitizer coverage for LoadEntitledContentKeys fuzzing

[ Merge of http://go/wvgerrit/161397 ]

Split fuzzed message into separate buffer so AddressSanitizer can detect
out-of-bounds accesses.

Merged from https://widevine-internal-review.googlesource.com/161277

----------------------------------------------------------------------

Avoid copying fuzzed data when separator splitting

[ Merge of http://go/wvgerrit/161120 ]

Merged from https://widevine-internal-review.googlesource.com/159497

Change-Id: I2b13ff34eee74c8aea9a8176aa711e3e2bc57add

----------------------------------------------------------------------

Fix oemcrypto_opk_dispatcher_fuzz

[ Merge of http://go/wvgerrit/161119 ]

Set ODK_Message size and add timestamp field to initialization requests.

Merged from https://widevine-internal-review.googlesource.com/159897

Change-Id: Ide51d1cb4119a396212d1802411cfa19f5792e9d

----------------------------------------------------------------------

Cover empty buffers in fuzz tests

[ Merge of http://go/wvgerrit/161018 ]

Update tests that avoid passing empty buffers to OEMCrypto API methods.

Merged from https://widevine-internal-review.googlesource.com/159317

Change-Id: If0d8007e3294820654b081fe813a09485e757f1c

----------------------------------------------------------------------

Fix cherry pick of "Improve buffer size distribution in fuzz tests"

[ Merge of http://go/wvgerrit/161022 ]

Change-Id: I8b0440fe13b513396b5779c25e6a46ac40eaa183

----------------------------------------------------------------------

Improve buffer size distribution in fuzz tests

[ Merge of http://go/wvgerrit/160957 ]

When a buffer size is fuzzed, use the modulo operation, instead of
std::min, to create an even distribution.

Merged from https://widevine-internal-review.googlesource.com/159157

Change-Id: I3c1168c7a7d739793005927a97af18de5df2e4c6

----------------------------------------------------------------------

Improve AddressSanitizer coverage in fuzz tests

[ Merge of http://go/wvgerrit/160464 ]

Split fuzzed data into separate buffers so AddressSanitizer can detect
all out-of-bounds accesses.

Merged from https://widevine-internal-review.googlesource.com/158977

Change-Id: I7ca67409b7c6f96548e21ab41f6caf99f738605d
2023-02-28 00:40:35 +00:00

93 lines
3.1 KiB
C++
Raw Blame History

// Copyright 2020 Google LLC. All Rights Reserved. This file and proprietary
// source code may only be used and distributed under the Widevine
// License Agreement.
#ifndef OEMCRYPTO_FUZZ_STRUCTS_H_
#define OEMCRYPTO_FUZZ_STRUCTS_H_
#include "core_message_types.h"
#include "odk.h"
namespace wvoec {
// OEMCrypto_DestBufferDesc fuzzed properties.
struct OEMCrypto_DestBufferDesc_Fuzz {
OEMCryptoBufferType type;
size_t buffer_config;
};
// OEMCrypto_InputOutputPair fuzzed properties.
struct OEMCrypto_InputOutputPair_Fuzz {
size_t input_data_length;
OEMCrypto_DestBufferDesc_Fuzz output_descriptor;
};
// OEMCrypto_SampleDescription fuzzed properties.
struct OEMCrypto_SampleDescription_Fuzz {
OEMCrypto_InputOutputPair_Fuzz buffers;
uint8_t iv[16];
size_t subsamples_length;
};
struct OEMCrypto_Renewal_Response_Fuzz {
// Timer limits in core license response needs to be fuzzed as load renewal
// depends on timer limits loaded from license response.
ODK_TimerLimits timer_limits;
// message(core_response + license_renewal_response) which mimics
// response from license renewal server needs to be fuzzed. core_request
// will be used to generate serialized core response.
oemcrypto_core_message::ODK_RenewalRequest core_request;
// Renewal duration seconds needs to be fuzzed which is part of serialized
// core message from license renewal server.
uint64_t renewal_duration_seconds;
// license_renewal_response is of variable length and not included in this
// structure.
};
struct OEMCrypto_Request_Fuzz {
// We would like to fuzz computed signature_length, input core_message_length
// that ODK parses and actual message buffer to the request APIs.
size_t signature_length;
size_t core_message_length;
// Request message is of variable length and not included in this structure.
};
struct OEMCrypto_Decrypt_Cenc_Fuzz {
// Corpus format is as below, let | be separator.
// cipher_mode + pattern + sample_data for all samples |
// subsample_data for all samples
OEMCryptoCipherMode cipher_mode;
OEMCrypto_CENCEncryptPatternDesc pattern;
// Sample data and subsample data are of variable length and not included in
// this structure.
};
struct OEMCrypto_Generic_Api_Fuzz {
// Corpus format is as below, let | be separator.
// cipher_mode + algorithm + iv | buffer with actual data
OEMCryptoCipherMode cipher_mode;
OEMCrypto_Algorithm algorithm;
// iv and buffer data are of variable length and not included in
// this structure.
};
struct OEMCrypto_Generate_RSA_Signature_Fuzz {
// Corpus format is as below, let | be separator.
// padding_scheme + signature_length + input buffer
RSA_Padding_Scheme padding_scheme;
size_t signature_length;
// input buffer data is of variable length and not included in
// this structure.
};
struct OEMCrypto_Copy_Buffer_Fuzz {
// Corpus format is as below.
// dest_buffer_desc + subsample_flags + input buffer
OEMCrypto_DestBufferDesc_Fuzz dest_buffer_desc;
uint8_t subsample_flags;
// Input buffer of variable length is not included in this structure.
};
} // namespace wvoec
#endif // OEMCRYPTO_FUZZ_STRUCTS_H_
Reference in New Issue View Git Blame Copy Permalink