widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5bed1044eb89a2623369f21dd6c72ae40bc9f138
android/fuzzer/README.md
Karan Jain 5bed1044eb Added crypto_session_fuzzer 
exec/s: 29
Test: ./crypto_session_fuzzer
Bug: 265234582

Change-Id: Ia42bcae6ea2f6ec722b972f44256e8b8cb56d9d5
2023-10-04 04:11:00 +00:00

210 lines
7.0 KiB
Markdown
Raw Blame History

# Fuzzers for libcdm
## Table of contents
+ [policy_engine_fuzzer](#PolicyEngine)
+ [content_decryption_fuzzer](#ContentDecryption)
+ [system_id_extractor_fuzzer](#SystemIdExtractor)
+ [service_certificate_fuzzer](#ServiceCertificate)
+ [policy_timers_fuzzer](#PolicyTimers)
+ [privacy_crypto_fuzzer](#PrivacyCrypto)
+ [cdm_license_fuzzer](#CdmLicense)
+ [crypto_session_fuzzer](#CryptoSession)
# <a name="PolicyEngine"></a> Fuzzer for PolicyEngine
PolicyEngine supports the following parameters:
1. SigningKeyId (parameter name: "kSigningKeyId")
2. RenewalServerUrl (parameter name: "kRenewalServerUrl")
3. EntitlementKeyId (parameter name: "kEntitlementKeyId")
| Parameter| Valid Values| Configured Value|
|------------- |-------------| ----- |
|`kSigningKeyId`| `String` |Value obtained from FuzzedDataProvider|
|`kRenewalServerUrl`| `String` |Value obtained from FuzzedDataProvider|
|`kEntitlementKeyId`| `String` |Value obtained from FuzzedDataProvider|
#### Steps to run
1. Build the fuzzer
```
$ mm -j$(nproc) policy_engine_fuzzer
```
2. Run on device
```
$ adb sync data
$ adb shell /data/fuzz/arm64/policy_engine_fuzzer/vendor/policy_engine_fuzzer
```
# <a name="ContentDecryption"></a> Fuzzer for ContentDecryption
ContentDecryption supports the following parameters:
1. Cert Authority (parameter name: "certAuthority")
2. Server Url (parameter name: "serverUrl")
3. Service Certificate (parameter name: "serviceCertificate")
| Parameter| Valid Values| Configured Value|
|------------- |-------------| ----- |
|`certAuthority`| `String` |Value obtained from FuzzedDataProvider|
|`serverUrl`| `String` |Value obtained from FuzzedDataProvider|
|`serviceCertificate`| `String` |Value obtained from FuzzedDataProvider|
#### Steps to run
1. Build the fuzzer
```
$ mm -j$(nproc) content_decryption_fuzzer
```
2. Run on device
```
$ adb sync data
$ adb shell /data/fuzz/arm64/content_decryption_fuzzer/vendor/content_decryption_fuzzer
```
# <a name="SystemIdExtractor"></a> Fuzzer for SystemIdExtractor
SystemIdExtractor supports the following parameters:
1. OEM Cert (parameter name: "oemCert")
2. Key Data (parameter name: "keyData")
3. System Id (parameter name: "mSystemId")
| Parameter| Valid Values| Configured Value|
|------------- |-------------| ----- |
|`oemCert`| `String` |Value obtained from FuzzedDataProvider|
|`keyData`| `String` |Value obtained from FuzzedDataProvider|
|`mSystemId`| `Integer in range 0 to 256` |Value obtained from FuzzedDataProvider|
#### Steps to run
1. Build the fuzzer
```
$ mm -j$(nproc) system_id_extractor_fuzzer
```
2. Run on device
```
$ adb sync data
$ adb shell /data/fuzz/arm64/system_id_extractor_fuzzer/vendor/system_id_extractor_fuzzer
```
# <a name="ServiceCertificate"></a> Fuzzer for ServiceCertificate
ServiceCertificate supports the following parameters:
1. Message (parameter name: "message")
2. Signature (parameter name: "signature")
3. Request (parameter name: "request")
| Parameter| Valid Values| Configured Value|
|------------- |-------------| ----- |
|`message`| `String` |Value obtained from FuzzedDataProvider|
|`signature`| `String` |Value obtained from FuzzedDataProvider|
|`request`| `String` |Value obtained from FuzzedDataProvider|
#### Steps to run
1. Build the fuzzer
```
$ mm -j$(nproc) service_certificate_fuzzer
```
2. Run on device
```
$ adb sync data
$ adb shell /data/fuzz/arm64/service_certificate_fuzzer/vendor/service_certificate_fuzzer
```
# <a name="PolicyTimers"></a> Fuzzer for PolicyTimers
PolicyTimers supports the following parameters:
1. Seconds Since Last Played (parameter name: "secondsSinceLastPlayed")
2. Expiry Time (parameter name: "expiryTime")
| Parameter| Valid Values| Configured Value|
|------------- |-------------| ----- |
|`secondsSinceLastPlayed`| `Integer` |Value obtained from FuzzedDataProvider|
|`expiryTime`| `Interger` |Value obtained from FuzzedDataProvider|
#### Steps to run
1. Build the fuzzer
```
$ mm -j$(nproc) policy_timers_fuzzer
```
2. Run on device
```
$ adb sync data
$ adb shell /data/fuzz/arm64/policy_timers_fuzzer/vendor/policy_timers_fuzzer
```
# <a name="PrivacyCrypto"></a> Fuzzer for PrivacyCrypto
PrivacyCrypto supports the following parameters:
1. Message (parameter name: "message")
2. Key (parameter name: "key")
3. Iv (parameter name: "iv")
4. Data (parameter name: 'data')
5. CertIndex (parameter name: 'certIndex')
| Parameter| Valid Values| Configured Value|
|------------- |-------------| ----- |
|`message`| `String` |Value obtained from FuzzedDataProvider|
|`key`| `String` |Value obtained from FuzzedDataProvider|
|`iv`| `String` |Value obtained from FuzzedDataProvider|
|`data`| `String` |Value obtained from FuzzedDataProvider|
|`certIndex`| `Integer` |Value obtained from FuzzedDataProvider|
#### Steps to run
1. Build the fuzzer
```
$ mm -j$(nproc) privacy_crypto_fuzzer
```
2. Run on device
```
$ adb sync data
$ adb shell /data/fuzz/arm64/privacy_crypto_fuzzer/vendor/privacy_crypto_fuzzer
```
# <a name="CdmLicense"></a> Fuzzer for CdmLicense
CdmLicense supports the following parameters:
1. InitiDataType (parameter name: "kInitiDataType")
2. ProtectionScheme (parameter name: "kProtectionScheme")
3. SecurityLevel (parameter name: "kSecurityLevel")
4. SignedType(parameter name: "kSignedType")
| Parameter| Valid Values| Configured Value|
|------------- |-------------| ----- |
|`kInitiDataType`| 1. `video/mp4` <br> 2. `video/webm` <br> 3. `cenc` <br> 4. `hls` <br> 5. `webm` <br> |Value obtained from FuzzedDataProvider|
|`kProtectionScheme`| 1. `0x63626331` <br> 2. `0x63626373` <br> 3. `0x31636263` <br> 4. `0x73636263` <br> 5. `0x63656e63` <br> |Value obtained from FuzzedDataProvider|
|`kSecurityLevel`| 1. `QUERY_VALUE_SECURITY_LEVEL_L1` <br> 2. `QUERY_VALUE_SECURITY_LEVEL_L2` <br> 3. `QUERY_VALUE_SECURITY_LEVEL_L3` <br> |Value obtained from FuzzedDataProvider|
|`kSignedType`| 1. `SignedMessage::LICENSE` <br> 2.`SignedMessage::SERVICE_CERTIFICATE` <br> 3. `SignedMessage::ERROR_RESPONSE`|Value obtained from FuzzedDataProvider|
#### Steps to run
1. Build the fuzzer
```
$ mm -j$(nproc) cdm_license_fuzzer
```
2. Run on device
```
$ adb sync data
$ adb shell /data/fuzz/arm64/cdm_license_fuzzer/vendor/cdm_license_fuzzer
```
# <a name="CryptoSession"></a> Fuzzer for CryptoSession
CryptoSession supports the following parameters:
1. token (parameter name: "token")
2. signed_message (parameter name: "signed_message")
3. signature (parameter name: "signature")
4. provider_session_token (parameter name: "signature")
| Parameter| Valid Values| Configured Value|
|------------- |-------------| ----- |
|`token`| `String` |Value obtained from FuzzedDataProvider|
|`signed_message`| `String` |Value obtained from FuzzedDataProvider|
|`signature`| `String` |Value obtained from FuzzedDataProvider|
|`provider_session_token`| `String` |Value obtained from FuzzedDataProvider|
#### Steps to run
1. Build the fuzzer
```
$ mm -j$(nproc) crypto_session_fuzzer
```
2. Run on device
```
$ adb sync data
$ adb shell LD_LIBRARY_PATH=/vendor/lib64 /data/fuzz/arm64/crypto_session_fuzzer/vendor/crypto_session_fuzzer
```
Reference in New Issue View Git Blame Copy Permalink