widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0bcf8166773a92f86a0b349a0a4b0776a5d8655b
android/libwvdrmengine/oemcrypto/test/oec_decrypt_fallback_chain.cpp
Rahul Frias e4cde22826 Merge of OEMCrypto fuzz test CLs 
----------------------------------------------------------------------

Fix oemcrypto_generic_verify_fuzz mutator signature offset

[ Merge of http://go/wvgerrit/165899 ]

Merged from https://widevine-internal-review.googlesource.com/165598

Change-Id: I85574fcd62622d2954c306688e04ecfda333c0cb

----------------------------------------------------------------------

Fix regressions in oemcrypto_decrypt_cenc_fuzz

[ Merge of http://go/wvgerrit/162151 ]

Fix null-dereference of subsamples vector and potential memory leak due
to parsing errors.

Bug: 260005865
Bug: 260013015

Merged from https://widevine-internal-review.googlesource.com/162081

Change-Id: I91bf1baa726803b2a0073ff3db94e69719d377bb

----------------------------------------------------------------------

Add custom mutator to oemcrypto_generic_verify_fuzz

[ Merge of http://go/wvgerrit/161578 ]

Enable fuzzing mutations beyond changing the signature length.

Merged from https://widevine-internal-review.googlesource.com/159917

Change-Id: I022d752107b788bd45aafb8325e3186ef90336de

----------------------------------------------------------------------

Refactor oemcrypto_decrypt_cenc_fuzz

[ Merge of http://go/wvgerrit/161546 ]

Refactor to minimize the required corpus length, fuzz the sample input
data, and avoid undefined behavior related to filling
OEMCrypto_DestBufferDesc::buffer with fuzzed data.

Merged from https://widevine-internal-review.googlesource.com/159618

Change-Id: Id9af8b1704d4619ba88ab8de3adb35d5f8bb69f6

----------------------------------------------------------------------

Refactor oemcrypto_copy_buffer_fuzz

[ Merge of http://go/wvgerrit/161307 ]

Refactor to minimize the required corpus length, fuzz the output buffer
length, and avoid undefined behavior related to filling
OEMCrypto_DestBufferDesc::buffer with fuzzed data.

Merged from https://widevine-internal-review.googlesource.com/159617

Change-Id: Ieddc6260e5eca641f8409a9b361ca4e5a40d6f52

----------------------------------------------------------------------

Improve AddressSanitizer coverage for LoadEntitledContentKeys fuzzing

[ Merge of http://go/wvgerrit/161397 ]

Split fuzzed message into separate buffer so AddressSanitizer can detect
out-of-bounds accesses.

Merged from https://widevine-internal-review.googlesource.com/161277

----------------------------------------------------------------------

Avoid copying fuzzed data when separator splitting

[ Merge of http://go/wvgerrit/161120 ]

Merged from https://widevine-internal-review.googlesource.com/159497

Change-Id: I2b13ff34eee74c8aea9a8176aa711e3e2bc57add

----------------------------------------------------------------------

Fix oemcrypto_opk_dispatcher_fuzz

[ Merge of http://go/wvgerrit/161119 ]

Set ODK_Message size and add timestamp field to initialization requests.

Merged from https://widevine-internal-review.googlesource.com/159897

Change-Id: Ide51d1cb4119a396212d1802411cfa19f5792e9d

----------------------------------------------------------------------

Cover empty buffers in fuzz tests

[ Merge of http://go/wvgerrit/161018 ]

Update tests that avoid passing empty buffers to OEMCrypto API methods.

Merged from https://widevine-internal-review.googlesource.com/159317

Change-Id: If0d8007e3294820654b081fe813a09485e757f1c

----------------------------------------------------------------------

Fix cherry pick of "Improve buffer size distribution in fuzz tests"

[ Merge of http://go/wvgerrit/161022 ]

Change-Id: I8b0440fe13b513396b5779c25e6a46ac40eaa183

----------------------------------------------------------------------

Improve buffer size distribution in fuzz tests

[ Merge of http://go/wvgerrit/160957 ]

When a buffer size is fuzzed, use the modulo operation, instead of
std::min, to create an even distribution.

Merged from https://widevine-internal-review.googlesource.com/159157

Change-Id: I3c1168c7a7d739793005927a97af18de5df2e4c6

----------------------------------------------------------------------

Improve AddressSanitizer coverage in fuzz tests

[ Merge of http://go/wvgerrit/160464 ]

Split fuzzed data into separate buffers so AddressSanitizer can detect
all out-of-bounds accesses.

Merged from https://widevine-internal-review.googlesource.com/158977

Change-Id: I7ca67409b7c6f96548e21ab41f6caf99f738605d
2023-02-28 00:40:35 +00:00

274 lines
10 KiB
C++
Raw Blame History

// Copyright 2019 Google LLC. All Rights Reserved. This file and proprietary
// source code may only be used and distributed under the Widevine
// License Agreement.
#include "oec_decrypt_fallback_chain.h"
#include <stdint.h>
#include <string.h>
#include "oemcrypto_corpus_generator_helper.h"
#include "oemcrypto_types.h"
#include "string_conversions.h"
namespace {
void advance_dest_buffer(OEMCrypto_DestBufferDesc* dest_buffer, size_t bytes) {
switch (dest_buffer->type) {
case OEMCrypto_BufferType_Clear:
dest_buffer->buffer.clear.clear_buffer += bytes;
dest_buffer->buffer.clear.clear_buffer_length -= bytes;
break;
case OEMCrypto_BufferType_Secure:
dest_buffer->buffer.secure.offset += bytes;
break;
case OEMCrypto_BufferType_Direct:
// Nothing to do for this buffer type.
break;
}
}
void advance_iv_ctr(uint8_t (*subsample_iv)[wvoec::KEY_IV_SIZE], size_t bytes) {
uint64_t counter;
constexpr size_t half_iv_size = wvoec::KEY_IV_SIZE / 2;
memcpy(&counter, &(*subsample_iv)[half_iv_size], half_iv_size);
const size_t increment =
bytes / wvoec::AES_128_BLOCK_SIZE; // The truncation here is intentional
counter = wvutil::htonll64(wvutil::ntohll64(counter) + increment);
memcpy(&(*subsample_iv)[half_iv_size], &counter, half_iv_size);
}
} // namespace
namespace wvoec {
// Decrypts the given array of samples. Handles fallback behavior correctly if
// the OEMCrypto implementation does not accept multiple samples.
OEMCryptoResult DecryptFallbackChain::Decrypt(
OEMCrypto_SESSION session_id, const OEMCrypto_SampleDescription* samples,
size_t samples_length, OEMCryptoCipherMode cipher_mode,
const OEMCrypto_CENCEncryptPatternDesc* pattern) {
OEMCryptoResult sts =
OEMCrypto_DecryptCENC(session_id, samples, samples_length, pattern);
// No need for a fallback. Abort early.
if (sts != OEMCrypto_ERROR_BUFFER_TOO_LARGE) {
if (ShouldGenerateCorpus()) {
WriteDecryptCencCorpus(cipher_mode, samples, pattern, samples_length);
}
return sts;
}
// Fall back to decrypting individual samples.
for (size_t i = 0; i < samples_length; ++i) {
sts = DecryptSample(session_id, samples[i], cipher_mode, pattern);
if (sts != OEMCrypto_SUCCESS) return sts;
}
return sts;
}
// Decrypts the given sample. Handles fallback behavior correctly if the
// OEMCrypto implementation does not accept full samples.
OEMCryptoResult DecryptFallbackChain::DecryptSample(
OEMCrypto_SESSION session_id, const OEMCrypto_SampleDescription& sample,
OEMCryptoCipherMode cipher_mode,
const OEMCrypto_CENCEncryptPatternDesc* pattern) {
OEMCryptoResult sts = OEMCrypto_DecryptCENC(session_id, &sample, 1, pattern);
// No need for a fallback. Abort early.
if (sts != OEMCrypto_ERROR_BUFFER_TOO_LARGE) {
if (ShouldGenerateCorpus()) {
WriteDecryptCencCorpus(cipher_mode, &sample, pattern, 1);
}
return sts;
}
// Fall back to decrypting individual subsamples.
OEMCrypto_SampleDescription fake_sample = sample;
for (size_t i = 0; i < sample.subsamples_length; ++i) {
const OEMCrypto_SubSampleDescription& subsample = sample.subsamples[i];
const size_t length =
subsample.num_bytes_clear + subsample.num_bytes_encrypted;
fake_sample.buffers.input_data_length = length;
fake_sample.subsamples = &subsample;
fake_sample.subsamples_length = 1;
sts = DecryptSubsample(session_id, fake_sample, pattern, cipher_mode);
if (sts != OEMCrypto_SUCCESS) return sts;
fake_sample.buffers.input_data += length;
advance_dest_buffer(&fake_sample.buffers.output_descriptor, length);
if (cipher_mode == OEMCrypto_CipherMode_CENC) {
advance_iv_ctr(&fake_sample.iv,
subsample.block_offset + subsample.num_bytes_encrypted);
}
}
return sts;
}
// Decrypts the given subsample. Handles fallback behavior correctly if the
// OEMCrypto implementation does not accept full subsamples.
OEMCryptoResult DecryptFallbackChain::DecryptSubsample(
OEMCrypto_SESSION session_id, const OEMCrypto_SampleDescription& sample,
const OEMCrypto_CENCEncryptPatternDesc* pattern,
OEMCryptoCipherMode cipher_mode) {
OEMCryptoResult sts = OEMCrypto_DecryptCENC(session_id, &sample, 1, pattern);
// No need for a fallback. Abort early.
if (sts != OEMCrypto_ERROR_BUFFER_TOO_LARGE) {
if (ShouldGenerateCorpus()) {
WriteDecryptCencCorpus(cipher_mode, &sample, pattern, 1);
}
return sts;
}
// Fall back to decrypting individual subsample halves.
const OEMCrypto_SubSampleDescription& subsample = sample.subsamples[0];
OEMCrypto_SampleDescription fake_sample = sample;
OEMCrypto_SubSampleDescription fake_subsample;
fake_sample.subsamples = &fake_subsample;
fake_sample.subsamples_length = 1;
if (subsample.num_bytes_clear > 0) {
fake_sample.buffers.input_data_length = subsample.num_bytes_clear;
fake_subsample.num_bytes_clear = subsample.num_bytes_clear;
fake_subsample.num_bytes_encrypted = 0;
fake_subsample.block_offset = 0;
fake_subsample.subsample_flags = 0;
if (subsample.subsample_flags & OEMCrypto_FirstSubsample)
fake_subsample.subsample_flags |= OEMCrypto_FirstSubsample;
if (subsample.subsample_flags & OEMCrypto_LastSubsample &&
subsample.num_bytes_encrypted == 0)
fake_subsample.subsample_flags |= OEMCrypto_LastSubsample;
sts = DecryptSubsampleHalf(session_id, fake_sample, pattern, cipher_mode);
if (sts != OEMCrypto_SUCCESS) return sts;
// Advance the buffers for the other half, in case they're needed.
fake_sample.buffers.input_data += subsample.num_bytes_clear;
advance_dest_buffer(&fake_sample.buffers.output_descriptor,
subsample.num_bytes_clear);
}
if (subsample.num_bytes_encrypted > 0) {
fake_sample.buffers.input_data_length = subsample.num_bytes_encrypted;
fake_subsample.num_bytes_clear = 0;
fake_subsample.num_bytes_encrypted = subsample.num_bytes_encrypted;
fake_subsample.block_offset = subsample.block_offset;
fake_subsample.subsample_flags = 0;
if (subsample.subsample_flags & OEMCrypto_FirstSubsample &&
subsample.num_bytes_clear == 0)
fake_subsample.subsample_flags |= OEMCrypto_FirstSubsample;
if (subsample.subsample_flags & OEMCrypto_LastSubsample)
fake_subsample.subsample_flags |= OEMCrypto_LastSubsample;
sts = DecryptSubsampleHalf(session_id, fake_sample, pattern, cipher_mode);
if (sts != OEMCrypto_SUCCESS) return sts;
}
return sts;
}
// Decrypts the given subsample half. There is no fallback behavior after this;
// an OEMCrypto_ERROR_BUFFER_TOO_LARGE produced here will be returned to the
// caller.
OEMCryptoResult DecryptFallbackChain::DecryptSubsampleHalf(
OEMCrypto_SESSION session_id, const OEMCrypto_SampleDescription& sample,
const OEMCrypto_CENCEncryptPatternDesc* pattern,
OEMCryptoCipherMode cipher_mode) {
if (ShouldGenerateCorpus()) {
WriteDecryptCencCorpus(cipher_mode, &sample, pattern, 1);
}
return OEMCrypto_DecryptCENC(session_id, &sample, 1, pattern);
// In a real CDM, you would want some fallback here to handle the case where
// the buffer is too big for the OEMCrypto implementation. But in the case of
// the tests, we won't be passing a buffer that's too big unless we are trying
// to test that failure condition, so there's no need to handle that case
// here.
}
// Used for OEMCrypto Fuzzing: Corpus format is as below, let | be separator.
// cipher_mode + pattern + sample_data for all samples |
// input_data for all samples | subsample_data for all samples
void WriteDecryptCencCorpus(
OEMCryptoCipherMode cipher_mode,
const OEMCrypto_SampleDescription* samples_description,
const OEMCrypto_CENCEncryptPatternDesc* pattern, size_t samples_length) {
const std::string file_name =
GetFileName("oemcrypto_decrypt_cenc_fuzz_seed_corpus");
// Cipher mode and Pattern.
OEMCrypto_Decrypt_Cenc_Fuzz decrypt_cenc_fuzz_struct;
decrypt_cenc_fuzz_struct.cipher_mode = cipher_mode;
decrypt_cenc_fuzz_struct.pattern = *pattern;
AppendToFile(file_name,
reinterpret_cast<const char*>(&decrypt_cenc_fuzz_struct),
sizeof(OEMCrypto_Decrypt_Cenc_Fuzz));
// Sample data for all samples.
for (size_t i = 0; i < samples_length; i++) {
OEMCrypto_SampleDescription_Fuzz sample_description_data;
sample_description_data.buffers.input_data_length =
samples_description[i].buffers.input_data_length;
sample_description_data.buffers.output_descriptor.type =
samples_description[i].buffers.output_descriptor.type;
switch (sample_description_data.buffers.output_descriptor.type) {
case OEMCrypto_BufferType_Clear:
sample_description_data.buffers.output_descriptor.buffer_config =
samples_description[i]
.buffers.output_descriptor.buffer.clear.clear_buffer_length;
break;
case OEMCrypto_BufferType_Secure:
sample_description_data.buffers.output_descriptor.buffer_config =
samples_description[i]
.buffers.output_descriptor.buffer.secure.secure_buffer_length;
break;
case OEMCrypto_BufferType_Direct:
sample_description_data.buffers.output_descriptor.buffer_config =
samples_description[i]
.buffers.output_descriptor.buffer.direct.is_video;
break;
}
memcpy(sample_description_data.iv, samples_description[i].iv,
sizeof(sample_description_data.iv));
sample_description_data.subsamples_length =
samples_description[i].subsamples_length;
AppendToFile(file_name,
reinterpret_cast<const char*>(&sample_description_data),
sizeof(OEMCrypto_SampleDescription_Fuzz));
}
AppendSeparator(file_name);
// Input data for all samples.
for (size_t i = 0; i < samples_length; i++) {
AppendToFile(file_name,
reinterpret_cast<const char*>(
samples_description[i].buffers.input_data),
samples_description[i].buffers.input_data_length);
}
AppendSeparator(file_name);
// Subsample data for all samples.
for (size_t i = 0; i < samples_length; i++) {
for (size_t j = 0; j < samples_description[i].subsamples_length; j++) {
AppendToFile(
file_name,
reinterpret_cast<const char*>(&samples_description[i].subsamples[j]),
sizeof(OEMCrypto_SubSampleDescription));
}
}
}
} // namespace wvoec
Reference in New Issue View Git Blame Copy Permalink