Files

Harsh Abichandani 5c51a93c21 Added buffer_reader_fuzzer

exec/s: 13311
Test: ./buffer_reader_fuzzer
Bug: 265234582

Change-Id: I25865fa5619a0a488ebef3926ea060956e955685

2023-10-04 04:11:00 +00:00

8.0 KiB

Raw Blame History

Fuzzers for libcdm

policy_engine_fuzzer
content_decryption_fuzzer
system_id_extractor_fuzzer
service_certificate_fuzzer
policy_timers_fuzzer
privacy_crypto_fuzzer
cdm_license_fuzzer
crypto_session_fuzzer
buffer_reader_fuzzer

Fuzzer for PolicyEngine

PolicyEngine supports the following parameters:

SigningKeyId (parameter name: "kSigningKeyId")
RenewalServerUrl (parameter name: "kRenewalServerUrl")
EntitlementKeyId (parameter name: "kEntitlementKeyId")

Parameter	Valid Values	Configured Value
`kSigningKeyId`	`String`	Value obtained from FuzzedDataProvider
`kRenewalServerUrl`	`String`	Value obtained from FuzzedDataProvider
`kEntitlementKeyId`	`String`	Value obtained from FuzzedDataProvider

Steps to run

Build the fuzzer

  $ mm -j$(nproc) policy_engine_fuzzer

Run on device

  $ adb sync data
  $ adb shell /data/fuzz/arm64/policy_engine_fuzzer/vendor/policy_engine_fuzzer

Fuzzer for ContentDecryption

ContentDecryption supports the following parameters:

Cert Authority (parameter name: "certAuthority")
Server Url (parameter name: "serverUrl")
Service Certificate (parameter name: "serviceCertificate")

Parameter	Valid Values	Configured Value
`certAuthority`	`String`	Value obtained from FuzzedDataProvider
`serverUrl`	`String`	Value obtained from FuzzedDataProvider
`serviceCertificate`	`String`	Value obtained from FuzzedDataProvider

Steps to run

Build the fuzzer

  $ mm -j$(nproc) content_decryption_fuzzer

Run on device

  $ adb sync data
  $ adb shell /data/fuzz/arm64/content_decryption_fuzzer/vendor/content_decryption_fuzzer

Fuzzer for SystemIdExtractor

SystemIdExtractor supports the following parameters:

OEM Cert (parameter name: "oemCert")
Key Data (parameter name: "keyData")
System Id (parameter name: "mSystemId")

Parameter	Valid Values	Configured Value
`oemCert`	`String`	Value obtained from FuzzedDataProvider
`keyData`	`String`	Value obtained from FuzzedDataProvider
`mSystemId`	`Integer in range 0 to 256`	Value obtained from FuzzedDataProvider

Steps to run

Build the fuzzer

  $ mm -j$(nproc) system_id_extractor_fuzzer

Run on device

  $ adb sync data
  $ adb shell /data/fuzz/arm64/system_id_extractor_fuzzer/vendor/system_id_extractor_fuzzer

Fuzzer for ServiceCertificate

ServiceCertificate supports the following parameters:

Message (parameter name: "message")
Signature (parameter name: "signature")
Request (parameter name: "request")

Parameter	Valid Values	Configured Value
`message`	`String`	Value obtained from FuzzedDataProvider
`signature`	`String`	Value obtained from FuzzedDataProvider
`request`	`String`	Value obtained from FuzzedDataProvider

Steps to run

Build the fuzzer

  $ mm -j$(nproc) service_certificate_fuzzer

Run on device

  $ adb sync data
  $ adb shell /data/fuzz/arm64/service_certificate_fuzzer/vendor/service_certificate_fuzzer

Fuzzer for PolicyTimers

PolicyTimers supports the following parameters:

Seconds Since Last Played (parameter name: "secondsSinceLastPlayed")
Expiry Time (parameter name: "expiryTime")

Parameter	Valid Values	Configured Value
`secondsSinceLastPlayed`	`Integer`	Value obtained from FuzzedDataProvider
`expiryTime`	`Interger`	Value obtained from FuzzedDataProvider

Steps to run

Build the fuzzer

  $ mm -j$(nproc) policy_timers_fuzzer

Run on device

  $ adb sync data
  $ adb shell /data/fuzz/arm64/policy_timers_fuzzer/vendor/policy_timers_fuzzer

Fuzzer for PrivacyCrypto

PrivacyCrypto supports the following parameters:

Message (parameter name: "message")
Key (parameter name: "key")
Iv (parameter name: "iv")
Data (parameter name: 'data')
CertIndex (parameter name: 'certIndex')

Parameter	Valid Values	Configured Value
`message`	`String`	Value obtained from FuzzedDataProvider
`key`	`String`	Value obtained from FuzzedDataProvider
`iv`	`String`	Value obtained from FuzzedDataProvider
`data`	`String`	Value obtained from FuzzedDataProvider
`certIndex`	`Integer`	Value obtained from FuzzedDataProvider

Steps to run

Build the fuzzer

  $ mm -j$(nproc) privacy_crypto_fuzzer

Run on device

  $ adb sync data
  $ adb shell /data/fuzz/arm64/privacy_crypto_fuzzer/vendor/privacy_crypto_fuzzer

Fuzzer for CdmLicense

CdmLicense supports the following parameters:

InitiDataType (parameter name: "kInitiDataType")
ProtectionScheme (parameter name: "kProtectionScheme")
SecurityLevel (parameter name: "kSecurityLevel")
SignedType(parameter name: "kSignedType")

Parameter	Valid Values	Configured Value
`kInitiDataType`	1. `video/mp4` 2. `video/webm` 3. `cenc` 4. `hls` 5. `webm`	Value obtained from FuzzedDataProvider
`kProtectionScheme`	1. `0x63626331` 2. `0x63626373` 3. `0x31636263` 4. `0x73636263` 5. `0x63656e63`	Value obtained from FuzzedDataProvider
`kSecurityLevel`	1. `QUERY_VALUE_SECURITY_LEVEL_L1` 2. `QUERY_VALUE_SECURITY_LEVEL_L2` 3. `QUERY_VALUE_SECURITY_LEVEL_L3`	Value obtained from FuzzedDataProvider
`kSignedType`	1. `SignedMessage::LICENSE` 2.`SignedMessage::SERVICE_CERTIFICATE` 3. `SignedMessage::ERROR_RESPONSE`	Value obtained from FuzzedDataProvider

Steps to run

Build the fuzzer

  $ mm -j$(nproc) cdm_license_fuzzer

Run on device

  $ adb sync data
  $ adb shell /data/fuzz/arm64/cdm_license_fuzzer/vendor/cdm_license_fuzzer

Fuzzer for CryptoSession

CryptoSession supports the following parameters:

token (parameter name: "token")
signed_message (parameter name: "signed_message")
signature (parameter name: "signature")
provider_session_token (parameter name: "signature")

Parameter	Valid Values	Configured Value
`token`	`String`	Value obtained from FuzzedDataProvider
`signed_message`	`String`	Value obtained from FuzzedDataProvider
`signature`	`String`	Value obtained from FuzzedDataProvider
`provider_session_token`	`String`	Value obtained from FuzzedDataProvider

Steps to run

Build the fuzzer

  $ mm -j$(nproc) crypto_session_fuzzer

Run on device

  $ adb sync data
  $ adb shell LD_LIBRARY_PATH=/vendor/lib64 /data/fuzz/arm64/crypto_session_fuzzer/vendor/crypto_session_fuzzer

Fuzzer for BufferReader

BufferReader supports the following parameters:

Buffer reader data (parameter name: "rawData")
Init data types (parameter name: "initDataType")
HLS methods (parameter name:"hlsMethod")

Parameter	Valid Values	Configured Value
`rawData`	`Vector`	Value obtained from FuzzedDataProvider
`initDataType`	1.`HLS_INIT_DATA_FORMAT` 2.`ISO_BMFF_VIDEO_MIME_TYPE` 3.`ISO_BMFF_AUDIO_MIME_TYPE` 4.`CENC_INIT_DATA_FORMAT` 5.`WEBM_VIDEO_MIME_TYPE` 6.`WEBM_AUDIO_MIME_TYPE` 7.`WEBM_INIT_DATA_FORMAT`	Value obtained from FuzzedDataProvider
`hlsMethod`	1.`HLS_METHOD_AES_128` 2.`HLS_METHOD_NONE` 3.`HLS_METHOD_SAMPLE_AES`	Value obtained from FuzzedDataProvider

Steps to run

Build the fuzzer

  $ mm -j$(nproc) buffer_reader_fuzzer

Run on device

  $ adb sync data
  $ adb shell /data/fuzz/arm64/buffer_reader_fuzzer/vendor/buffer_reader_fuzzer

8.0 KiB Raw Blame History

Fuzzers for libcdm

Table of contents

Fuzzer for PolicyEngine

Steps to run

Fuzzer for ContentDecryption

Steps to run

Fuzzer for SystemIdExtractor

Steps to run

Fuzzer for ServiceCertificate

Steps to run

Fuzzer for PolicyTimers

Steps to run

Fuzzer for PrivacyCrypto

Steps to run

Fuzzer for CdmLicense

Steps to run

Fuzzer for CryptoSession

Steps to run

Fuzzer for BufferReader

Steps to run

8.0 KiB

Raw Blame History