widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
982bec196b655299c206bd2979825bef32795a2d
android/fuzzer
History
Onkar Shinde 982bec196b Updated crypto_session_fuzzer 
Implemented google c++ code style changes for crypto_session_fuzzer

exec/s: 136
Test: ./crypto_session_fuzzer
Bug: 312374669

Change-Id: Ie490914858a35dfe0f8bfdd4a40f9be65d41b6bd
2023-12-12 08:34:08 +00:00
..
Android.bp
Add libPlatformProperties dependency
2023-11-14 23:50:30 +00:00
buffer_reader_fuzzer.cpp
Updated buffer_reader_fuzzer
2023-12-08 10:26:48 +00:00
cdm_engine_fuzzer.cpp
Merge "Updated widevine fuzzers" into main
2023-11-09 18:38:11 +00:00
cdm_license_fuzzer.cpp
Added cdm_license_fuzzer
2023-10-04 04:11:00 +00:00
cdm_session_fuzzer.cpp
Updated cdm_session_fuzzer
2023-11-28 12:32:58 +00:00
certificate_provisioning_fuzzer.cpp
Updated certificate_provisioning_fuzzer
2023-11-28 12:17:25 +00:00
content_decryption_fuzzer.cpp
content_decryption_fuzzer: Bug Fix
2023-11-06 08:39:09 +00:00
crypto_session_fuzzer.cpp
Updated crypto_session_fuzzer
2023-12-12 08:34:08 +00:00
device_files_fuzzer.cpp
Added device_files_fuzzer
2023-10-04 04:11:00 +00:00
policy_engine_fuzzer.cpp
Updated policy_engine_fuzzer
2023-11-21 09:53:58 +00:00
policy_timers_fuzzer.cpp
Updated policy_timers_fuzzer
2023-12-08 10:31:38 +00:00
privacy_crypto_fuzzer.cpp
Updated privacy_crypto_fuzzer
2023-12-08 11:37:33 +00:00
README.md
Added cdm_session_fuzzer
2023-10-04 04:11:00 +00:00
service_certificate_fuzzer.cpp
Updated service_certificate_fuzzer
2023-12-05 06:30:22 +00:00
system_fuzz_helper.h
Added system_id_extractor_fuzzer
2023-10-04 04:09:38 +00:00
system_id_extractor_fuzzer.cpp
Added system_id_extractor_fuzzer
2023-10-04 04:09:38 +00:00
vendor_widevine_fuzz_helper.h
Added service_certificate_fuzzer
2023-10-04 04:11:00 +00:00

README.md

Fuzzers for libcdm

Table of contents

Fuzzer for PolicyEngine

PolicyEngine supports the following parameters:

  1. SigningKeyId (parameter name: "kSigningKeyId")
  2. RenewalServerUrl (parameter name: "kRenewalServerUrl")
  3. EntitlementKeyId (parameter name: "kEntitlementKeyId")
Parameter Valid Values Configured Value
kSigningKeyId String Value obtained from FuzzedDataProvider
kRenewalServerUrl String Value obtained from FuzzedDataProvider
kEntitlementKeyId String Value obtained from FuzzedDataProvider

Steps to run

  1. Build the fuzzer
  $ mm -j$(nproc) policy_engine_fuzzer
  1. Run on device
  $ adb sync data
  $ adb shell /data/fuzz/arm64/policy_engine_fuzzer/vendor/policy_engine_fuzzer

Fuzzer for ContentDecryption

ContentDecryption supports the following parameters:

  1. Cert Authority (parameter name: "certAuthority")
  2. Server Url (parameter name: "serverUrl")
  3. Service Certificate (parameter name: "serviceCertificate")
Parameter Valid Values Configured Value
certAuthority String Value obtained from FuzzedDataProvider
serverUrl String Value obtained from FuzzedDataProvider
serviceCertificate String Value obtained from FuzzedDataProvider

Steps to run

  1. Build the fuzzer
  $ mm -j$(nproc) content_decryption_fuzzer
  1. Run on device
  $ adb sync data
  $ adb shell /data/fuzz/arm64/content_decryption_fuzzer/vendor/content_decryption_fuzzer

Fuzzer for SystemIdExtractor

SystemIdExtractor supports the following parameters:

  1. OEM Cert (parameter name: "oemCert")
  2. Key Data (parameter name: "keyData")
  3. System Id (parameter name: "mSystemId")
Parameter Valid Values Configured Value
oemCert String Value obtained from FuzzedDataProvider
keyData String Value obtained from FuzzedDataProvider
mSystemId Integer in range 0 to 256 Value obtained from FuzzedDataProvider

Steps to run

  1. Build the fuzzer
  $ mm -j$(nproc) system_id_extractor_fuzzer
  1. Run on device
  $ adb sync data
  $ adb shell /data/fuzz/arm64/system_id_extractor_fuzzer/vendor/system_id_extractor_fuzzer

Fuzzer for ServiceCertificate

ServiceCertificate supports the following parameters:

  1. Message (parameter name: "message")
  2. Signature (parameter name: "signature")
  3. Request (parameter name: "request")
Parameter Valid Values Configured Value
message String Value obtained from FuzzedDataProvider
signature String Value obtained from FuzzedDataProvider
request String Value obtained from FuzzedDataProvider

Steps to run

  1. Build the fuzzer
  $ mm -j$(nproc) service_certificate_fuzzer
  1. Run on device
  $ adb sync data
  $ adb shell /data/fuzz/arm64/service_certificate_fuzzer/vendor/service_certificate_fuzzer

Fuzzer for PolicyTimers

PolicyTimers supports the following parameters:

  1. Seconds Since Last Played (parameter name: "secondsSinceLastPlayed")
  2. Expiry Time (parameter name: "expiryTime")
Parameter Valid Values Configured Value
secondsSinceLastPlayed Integer Value obtained from FuzzedDataProvider
expiryTime Interger Value obtained from FuzzedDataProvider

Steps to run

  1. Build the fuzzer
  $ mm -j$(nproc) policy_timers_fuzzer
  1. Run on device
  $ adb sync data
  $ adb shell /data/fuzz/arm64/policy_timers_fuzzer/vendor/policy_timers_fuzzer

Fuzzer for PrivacyCrypto

PrivacyCrypto supports the following parameters:

  1. Message (parameter name: "message")
  2. Key (parameter name: "key")
  3. Iv (parameter name: "iv")
  4. Data (parameter name: 'data')
  5. CertIndex (parameter name: 'certIndex')
Parameter Valid Values Configured Value
message String Value obtained from FuzzedDataProvider
key String Value obtained from FuzzedDataProvider
iv String Value obtained from FuzzedDataProvider
data String Value obtained from FuzzedDataProvider
certIndex Integer Value obtained from FuzzedDataProvider

Steps to run

  1. Build the fuzzer
  $ mm -j$(nproc) privacy_crypto_fuzzer
  1. Run on device
  $ adb sync data
  $ adb shell /data/fuzz/arm64/privacy_crypto_fuzzer/vendor/privacy_crypto_fuzzer

Fuzzer for CdmLicense

CdmLicense supports the following parameters:

  1. InitiDataType (parameter name: "kInitiDataType")
  2. ProtectionScheme (parameter name: "kProtectionScheme")
  3. SecurityLevel (parameter name: "kSecurityLevel")
  4. SignedType(parameter name: "kSignedType")
Parameter Valid Values Configured Value
kInitiDataType 1. video/mp4
2. video/webm
3. cenc
4. hls
5. webm
Value obtained from FuzzedDataProvider
kProtectionScheme 1. 0x63626331
2. 0x63626373
3. 0x31636263
4. 0x73636263
5. 0x63656e63
Value obtained from FuzzedDataProvider
kSecurityLevel 1. QUERY_VALUE_SECURITY_LEVEL_L1
2. QUERY_VALUE_SECURITY_LEVEL_L2
3. QUERY_VALUE_SECURITY_LEVEL_L3
Value obtained from FuzzedDataProvider
kSignedType 1. SignedMessage::LICENSE
2.SignedMessage::SERVICE_CERTIFICATE
3. SignedMessage::ERROR_RESPONSE		 Value obtained from FuzzedDataProvider

Steps to run

  1. Build the fuzzer
  $ mm -j$(nproc) cdm_license_fuzzer
  1. Run on device
  $ adb sync data
  $ adb shell /data/fuzz/arm64/cdm_license_fuzzer/vendor/cdm_license_fuzzer

Fuzzer for CryptoSession

CryptoSession supports the following parameters:

  1. token (parameter name: "token")
  2. signed_message (parameter name: "signed_message")
  3. signature (parameter name: "signature")
  4. provider_session_token (parameter name: "signature")
Parameter Valid Values Configured Value
token String Value obtained from FuzzedDataProvider
signed_message String Value obtained from FuzzedDataProvider
signature String Value obtained from FuzzedDataProvider
provider_session_token String Value obtained from FuzzedDataProvider

Steps to run

  1. Build the fuzzer
  $ mm -j$(nproc) crypto_session_fuzzer
  1. Run on device
  $ adb sync data
  $ adb shell LD_LIBRARY_PATH=/vendor/lib64 /data/fuzz/arm64/crypto_session_fuzzer/vendor/crypto_session_fuzzer

Fuzzer for BufferReader

BufferReader supports the following parameters:

  1. Buffer reader data (parameter name: "rawData")
  2. Init data types (parameter name: "initDataType")
  3. HLS methods (parameter name:"hlsMethod")
Parameter Valid Values Configured Value
rawData Vector Value obtained from FuzzedDataProvider
initDataType 1.HLS_INIT_DATA_FORMAT 2.ISO_BMFF_VIDEO_MIME_TYPE 3.ISO_BMFF_AUDIO_MIME_TYPE 4.CENC_INIT_DATA_FORMAT 5.WEBM_VIDEO_MIME_TYPE 6.WEBM_AUDIO_MIME_TYPE 7.WEBM_INIT_DATA_FORMAT Value obtained from FuzzedDataProvider
hlsMethod 1.HLS_METHOD_AES_128 2.HLS_METHOD_NONE 3.HLS_METHOD_SAMPLE_AES Value obtained from FuzzedDataProvider

Steps to run

  1. Build the fuzzer
  $ mm -j$(nproc) buffer_reader_fuzzer
  1. Run on device
  $ adb sync data
  $ adb shell /data/fuzz/arm64/buffer_reader_fuzzer/vendor/buffer_reader_fuzzer

Fuzzer for CdmEngine

CdmEngine supports the following parameters:

  1. Key System (parameter name: "keySystem")
  2. Level (parameter name: "level")
  3. Frame Number (parameter name: "frameNum")
  4. Spoid (parameter name: "spoid")
Parameter Valid Values Configured Value
keySystem String Value obtained from FuzzedDataProvider
level int32_t Value obtained from FuzzedDataProvider
frameNum unit32_t Value obtained from FuzzedDataProvider
spoid String Value obtained from FuzzedDataProvider

Steps to run

  1. Build the fuzzer
  $ mm -j$(nproc) cdm_engine_fuzzer
  1. Run on device
  $ adb sync data
  $ adb shell LD_LIBRARY_PATH=/vendor/lib64 /data/fuzz/arm64/cdm_engine_fuzzer/vendor/cdm_engine_fuzzer

Fuzzer for CertificateProvisioning

CertificateProvisioning supports the following parameters:

  1. service_certificate (parameter name: "service_certificate")
  2. responseMessage (parameter name: "response")
  3. type (parameter name: "type")
Parameter Valid Values Configured Value
service_certificate String Value obtained from FuzzedDataProvider
responseMessage String Value obtained from FuzzedDataProvider
type 1. ResponseType::kNoError
2. ResponseType::kResponseTypeBase
3. ResponseType::kObjectNotInitialized
4. ResponseType::kParameterNull
5. ResponseType::kBasePathUnavailable
6. ResponseType::kFileOpenFailed
7. ResponseType::kFileWriteError
8. ResponseType::kFileReadError
9. ResponseType::kInvalidFileSize
10. ResponseType::kHashComputationFailed
11. ResponseType::kFileHashMismatch
12. ResponseType::kFileParseError1
13. ResponseType::kFileParseError2
14. ResponseType::kUnknownLicenseState
15. ResponseType::kIncorrectFileType
16. ResponseType::kIncorrectFileVersion
17. ResponseType::kLicenseNotPresent		 Value obtained from FuzzedDataProvider

Steps to run

  1. Build the fuzzer
  $ mm -j$(nproc) certificate_provisioning_fuzzer
  1. Run on device
  $ adb sync data
  $ adb shell /data/fuzz/arm64/certificate_provisioning_fuzzer/vendor/certificate_provisioning_fuzzer

Fuzzer for DeviceFile

DeviceFile supports the following parameters:

  1. AtscModeEnabled (parameter name: "atsc_mode_enabled")
Parameter Valid Values Configured Value
AtscModeEnabled Bool Value obtained from FuzzedDataProvider

Steps to run

  1. Build the fuzzer
  $ mm -j$(nproc) device_files_fuzzer
  1. Run on device
  $ adb sync data
  $ adb shell /data/fuzz/arm64/device_files_fuzzer/vendor/device_files_fuzzer

Fuzzer for CdmSession

CdmSession supports the following parameters:

  1. CdmKeyResponse (parameter name: "key_response")
  2. CdmSessionId (parameter name: "forced_session_id")
  3. KeyId (parameter name:"key_id")
Parameter Valid Values Configured Value
key_response String Value obtained from FuzzedDataProvider
forced_session_id String Value obtained from FuzzedDataProvider
key_id String Value obtained from FuzzedDataProvider

Steps to run

  1. Build the fuzzer
  $ mm -j$(nproc) cdm_session_fuzzer
  1. Run on device
  $ adb sync data
  $ adb shell /data/fuzz/arm64/cdm_session_fuzzer/vendor/cdm_session_fuzzer