android/fuzzer/service_certificate_fuzzer.cpp

/*
 * Copyright (C) 2023 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at:
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 */

#include "service_certificate.h"
#include "vendor_widevine_fuzz_helper.h"
#include "wv_cdm_event_listener.h"
#include "wv_cdm_types.h"
#include <crypto_session.h>
#include <log.h>
#include <memory>
#include <utils/Log.h>

using namespace wvcdm;
using namespace video_widevine;

static constexpr int32_t kMaxNum = 3;
static constexpr int32_t kMinNum = 0;
static constexpr int32_t kMaxByte = 256;

class ServiceCertificateFuzzer {
public:
  ServiceCertificateFuzzer(const uint8_t *data, size_t size)
      : mFdp(data, size){};
  void process();

private:
  FuzzedDataProvider mFdp;
};

void ServiceCertificateFuzzer::process() {
  EncryptedClientIdentification encryptedClientId;
  ClientIdentification clearClientId;
  ServiceCertificate serviceCertificate;
  while (mFdp.remaining_bytes()) {
    auto invokeServiceCertificateAPI =
        mFdp.PickValueInArray<const std::function<void()>>({
            [&]() {
              FuzzCdmClientPropertySet propertySet(&mFdp);
              propertySet.enable_privacy_mode();
              propertySet.set_service_certificate(kTestSignedCertificate);
              PropertiesTestPeer::ForceReinit();
              PropertiesTestPeer::AddSessionPropertySet(
                  mFdp.ConsumeBool() ? kTestSessionId1
                                     : mFdp.ConsumeRandomLengthString(kMaxByte),
                  &propertySet);
              std::string rawServiceCertificate;
              PropertiesTestPeer::GetServiceCertificate(
                  mFdp.ConsumeBool() ? kTestSessionId1
                                     : mFdp.ConsumeRandomLengthString(kMaxByte),
                  &rawServiceCertificate);
              if (mFdp.ConsumeBool()) {
                serviceCertificate.Init(mFdp.ConsumeBool()
                                            ? rawServiceCertificate
                                            : kTestSignedCertificate);
              } else {
                serviceCertificate.Init(
                    mFdp.ConsumeRandomLengthString(kMaxByte));
              }
            },
            [&]() {
              serviceCertificate.VerifySignedMessage(
                  mFdp.ConsumeRandomLengthString(kMaxByte) /*message*/,
                  mFdp.ConsumeRandomLengthString(kMaxByte) /*signature*/);
            },
            [&]() {
              CdmKeyMessage signedCertificate =
                  mFdp.ConsumeRandomLengthString(kMaxByte);
              serviceCertificate.ParseResponse(
                  mFdp.ConsumeRandomLengthString(kMaxByte) /*response*/,
                  mFdp.ConsumeBool()
                      ? nullptr
                      : &signedCertificate /*signed_certificate*/);
            },
            [&]() {
              CdmKeyMessage request;
              serviceCertificate.GetRequest(mFdp.ConsumeBool() ? nullptr
                                                               : &request);
            },
            [&]() {
              /**
               * crypto_session object is not used in EncryptClientId.
               * Therefore keeping crypto_session as nullptr.
               */
              ClientIdentification_ClientCapabilities *clientCapabilities =
                  clearClientId.mutable_client_capabilities();
              /**
               * Default value of clientCapabilities is false.
               * So passing true to all set methods.
               */
              int32_t clientCase =
                  mFdp.ConsumeIntegralInRange<int32_t>(kMinNum, kMaxNum);
              switch (clientCase) {
              case 0:
                clientCapabilities->set_client_token(true /*Value*/);
                break;
              case 1:
                clientCapabilities->set_session_token(true /*Value*/);
                break;
              case 2:
                clientCapabilities->set_video_resolution_constraints(
                    true /*Value*/);
                break;
              default:
                break;
              }
              serviceCertificate.EncryptClientId(nullptr /*crypto_session*/,
                                                 &clearClientId,
                                                 &encryptedClientId);
            },
        });
    invokeServiceCertificateAPI();
  }
}

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  ServiceCertificateFuzzer serviceCertificateFuzzer(data, size);
  serviceCertificateFuzzer.process();
  return 0;
}