android/fuzzer/README.md
Atharva_Deshpande c656ebe741 Added cdm_session_fuzzer
Test: ./cdm_session_fuzzer
exec/s:10
Bug: 265234582

Change-Id: I9ffb9f1de99a3e37fa456b357946292f16af5d69
2023-10-04 04:11:00 +00:00


# Fuzzers for libcdm
## Table of contents
+ [policy_engine_fuzzer](#PolicyEngine)
+ [content_decryption_fuzzer](#ContentDecryption)
+ [system_id_extractor_fuzzer](#SystemIdExtractor)
+ [service_certificate_fuzzer](#ServiceCertificate)
+ [policy_timers_fuzzer](#PolicyTimers)
+ [privacy_crypto_fuzzer](#PrivacyCrypto)
+ [cdm_license_fuzzer](#CdmLicense)
+ [crypto_session_fuzzer](#CryptoSession)
+ [buffer_reader_fuzzer](#BufferReader)
+ [cdm_engine_fuzzer](#CdmEngine)
+ [certificate_provisioning_fuzzer](#CertificateProvisioning)
+ [device_files_fuzzer](#DeviceFile)
+ [cdm_session_fuzzer](#CdmSession)
# <a name="PolicyEngine"></a> Fuzzer for PolicyEngine
PolicyEngine supports the following parameters:
1. SigningKeyId (parameter name: "kSigningKeyId")
2. RenewalServerUrl (parameter name: "kRenewalServerUrl")
3. EntitlementKeyId (parameter name: "kEntitlementKeyId")
| Parameter| Valid Values| Configured Value|
|------------- |-------------| ----- |
|`kSigningKeyId`| `String` |Value obtained from FuzzedDataProvider|
|`kRenewalServerUrl`| `String` |Value obtained from FuzzedDataProvider|
|`kEntitlementKeyId`| `String` |Value obtained from FuzzedDataProvider|
#### Steps to run
1. Build the fuzzer
```
$ mm -j$(nproc) policy_engine_fuzzer
```
2. Run on device
```
$ adb sync data
$ adb shell /data/fuzz/arm64/policy_engine_fuzzer/vendor/policy_engine_fuzzer
```
# <a name="ContentDecryption"></a> Fuzzer for ContentDecryption
ContentDecryption supports the following parameters:
1. Cert Authority (parameter name: "certAuthority")
2. Server Url (parameter name: "serverUrl")
3. Service Certificate (parameter name: "serviceCertificate")
| Parameter| Valid Values| Configured Value|
|------------- |-------------| ----- |
|`certAuthority`| `String` |Value obtained from FuzzedDataProvider|
|`serverUrl`| `String` |Value obtained from FuzzedDataProvider|
|`serviceCertificate`| `String` |Value obtained from FuzzedDataProvider|
#### Steps to run
1. Build the fuzzer
```
$ mm -j$(nproc) content_decryption_fuzzer
```
2. Run on device
```
$ adb sync data
$ adb shell /data/fuzz/arm64/content_decryption_fuzzer/vendor/content_decryption_fuzzer
```
# <a name="SystemIdExtractor"></a> Fuzzer for SystemIdExtractor
SystemIdExtractor supports the following parameters:
1. OEM Cert (parameter name: "oemCert")
2. Key Data (parameter name: "keyData")
3. System Id (parameter name: "mSystemId")
| Parameter| Valid Values| Configured Value|
|------------- |-------------| ----- |
|`oemCert`| `String` |Value obtained from FuzzedDataProvider|
|`keyData`| `String` |Value obtained from FuzzedDataProvider|
|`mSystemId`| `Integer in range 0 to 256` |Value obtained from FuzzedDataProvider|
#### Steps to run
1. Build the fuzzer
```
$ mm -j$(nproc) system_id_extractor_fuzzer
```
2. Run on device
```
$ adb sync data
$ adb shell /data/fuzz/arm64/system_id_extractor_fuzzer/vendor/system_id_extractor_fuzzer
```
# <a name="ServiceCertificate"></a> Fuzzer for ServiceCertificate
ServiceCertificate supports the following parameters:
1. Message (parameter name: "message")
2. Signature (parameter name: "signature")
3. Request (parameter name: "request")
| Parameter| Valid Values| Configured Value|
|------------- |-------------| ----- |
|`message`| `String` |Value obtained from FuzzedDataProvider|
|`signature`| `String` |Value obtained from FuzzedDataProvider|
|`request`| `String` |Value obtained from FuzzedDataProvider|
#### Steps to run
1. Build the fuzzer
```
$ mm -j$(nproc) service_certificate_fuzzer
```
2. Run on device
```
$ adb sync data
$ adb shell /data/fuzz/arm64/service_certificate_fuzzer/vendor/service_certificate_fuzzer
```
# <a name="PolicyTimers"></a> Fuzzer for PolicyTimers
PolicyTimers supports the following parameters:
1. Seconds Since Last Played (parameter name: "secondsSinceLastPlayed")
2. Expiry Time (parameter name: "expiryTime")
| Parameter| Valid Values| Configured Value|
|------------- |-------------| ----- |
|`secondsSinceLastPlayed`| `Integer` |Value obtained from FuzzedDataProvider|
|`expiryTime`| `Integer` |Value obtained from FuzzedDataProvider|
#### Steps to run
1. Build the fuzzer
```
$ mm -j$(nproc) policy_timers_fuzzer
```
2. Run on device
```
$ adb sync data
$ adb shell /data/fuzz/arm64/policy_timers_fuzzer/vendor/policy_timers_fuzzer
```
# <a name="PrivacyCrypto"></a> Fuzzer for PrivacyCrypto
PrivacyCrypto supports the following parameters:
1. Message (parameter name: "message")
2. Key (parameter name: "key")
3. Iv (parameter name: "iv")
4. Data (parameter name: "data")
5. CertIndex (parameter name: "certIndex")
| Parameter| Valid Values| Configured Value|
|------------- |-------------| ----- |
|`message`| `String` |Value obtained from FuzzedDataProvider|
|`key`| `String` |Value obtained from FuzzedDataProvider|
|`iv`| `String` |Value obtained from FuzzedDataProvider|
|`data`| `String` |Value obtained from FuzzedDataProvider|
|`certIndex`| `Integer` |Value obtained from FuzzedDataProvider|
#### Steps to run
1. Build the fuzzer
```
$ mm -j$(nproc) privacy_crypto_fuzzer
```
2. Run on device
```
$ adb sync data
$ adb shell /data/fuzz/arm64/privacy_crypto_fuzzer/vendor/privacy_crypto_fuzzer
```
# <a name="CdmLicense"></a> Fuzzer for CdmLicense
CdmLicense supports the following parameters:
1. InitiDataType (parameter name: "kInitiDataType")
2. ProtectionScheme (parameter name: "kProtectionScheme")
3. SecurityLevel (parameter name: "kSecurityLevel")
4. SignedType (parameter name: "kSignedType")
| Parameter| Valid Values| Configured Value|
|------------- |-------------| ----- |
|`kInitiDataType`| 1. `video/mp4` <br> 2. `video/webm` <br> 3. `cenc` <br> 4. `hls` <br> 5. `webm` <br> |Value obtained from FuzzedDataProvider|
|`kProtectionScheme`| 1. `0x63626331` <br> 2. `0x63626373` <br> 3. `0x31636263` <br> 4. `0x73636263` <br> 5. `0x63656e63` <br> |Value obtained from FuzzedDataProvider|
|`kSecurityLevel`| 1. `QUERY_VALUE_SECURITY_LEVEL_L1` <br> 2. `QUERY_VALUE_SECURITY_LEVEL_L2` <br> 3. `QUERY_VALUE_SECURITY_LEVEL_L3` <br> |Value obtained from FuzzedDataProvider|
|`kSignedType`| 1. `SignedMessage::LICENSE` <br> 2. `SignedMessage::SERVICE_CERTIFICATE` <br> 3. `SignedMessage::ERROR_RESPONSE` <br> |Value obtained from FuzzedDataProvider|
#### Steps to run
1. Build the fuzzer
```
$ mm -j$(nproc) cdm_license_fuzzer
```
2. Run on device
```
$ adb sync data
$ adb shell /data/fuzz/arm64/cdm_license_fuzzer/vendor/cdm_license_fuzzer
```
# <a name="CryptoSession"></a> Fuzzer for CryptoSession
CryptoSession supports the following parameters:
1. token (parameter name: "token")
2. signed_message (parameter name: "signed_message")
3. signature (parameter name: "signature")
4. provider_session_token (parameter name: "signature")
| Parameter| Valid Values| Configured Value|
|------------- |-------------| ----- |
|`token`| `String` |Value obtained from FuzzedDataProvider|
|`signed_message`| `String` |Value obtained from FuzzedDataProvider|
|`signature`| `String` |Value obtained from FuzzedDataProvider|
|`provider_session_token`| `String` |Value obtained from FuzzedDataProvider|
#### Steps to run
1. Build the fuzzer
```
$ mm -j$(nproc) crypto_session_fuzzer
```
2. Run on device
```
$ adb sync data
$ adb shell LD_LIBRARY_PATH=/vendor/lib64 /data/fuzz/arm64/crypto_session_fuzzer/vendor/crypto_session_fuzzer
```
# <a name="BufferReader"></a> Fuzzer for BufferReader
BufferReader supports the following parameters:
1. Buffer reader data (parameter name: "rawData")
2. Init data types (parameter name: "initDataType")
3. HLS methods (parameter name: "hlsMethod")
| Parameter| Valid Values| Configured Value|
|------------- |-------------| ----- |
|`rawData`| `Vector` |Value obtained from FuzzedDataProvider|
|`initDataType`| 1. `HLS_INIT_DATA_FORMAT` <br> 2. `ISO_BMFF_VIDEO_MIME_TYPE` <br> 3. `ISO_BMFF_AUDIO_MIME_TYPE` <br> 4. `CENC_INIT_DATA_FORMAT` <br> 5. `WEBM_VIDEO_MIME_TYPE` <br> 6. `WEBM_AUDIO_MIME_TYPE` <br> 7. `WEBM_INIT_DATA_FORMAT` <br> |Value obtained from FuzzedDataProvider|
|`hlsMethod`| 1. `HLS_METHOD_AES_128` <br> 2. `HLS_METHOD_NONE` <br> 3. `HLS_METHOD_SAMPLE_AES` <br> |Value obtained from FuzzedDataProvider|
#### Steps to run
1. Build the fuzzer
```
$ mm -j$(nproc) buffer_reader_fuzzer
```
2. Run on device
```
$ adb sync data
$ adb shell /data/fuzz/arm64/buffer_reader_fuzzer/vendor/buffer_reader_fuzzer
```
# <a name="CdmEngine"></a> Fuzzer for CdmEngine
CdmEngine supports the following parameters:
1. Key System (parameter name: "keySystem")
2. Level (parameter name: "level")
3. Frame Number (parameter name: "frameNum")
4. Spoid (parameter name: "spoid")
| Parameter| Valid Values| Configured Value|
|------------- |-------------| ----- |
|`keySystem`| `String` |Value obtained from FuzzedDataProvider|
|`level`| `int32_t` |Value obtained from FuzzedDataProvider|
|`frameNum`| `uint32_t` |Value obtained from FuzzedDataProvider|
|`spoid`| `String` |Value obtained from FuzzedDataProvider|
#### Steps to run
1. Build the fuzzer
```
$ mm -j$(nproc) cdm_engine_fuzzer
```
2. Run on device
```
$ adb sync data
$ adb shell LD_LIBRARY_PATH=/vendor/lib64 /data/fuzz/arm64/cdm_engine_fuzzer/vendor/cdm_engine_fuzzer
```
# <a name="CertificateProvisioning"></a> Fuzzer for CertificateProvisioning
CertificateProvisioning supports the following parameters:
1. service_certificate (parameter name: "service_certificate")
2. responseMessage (parameter name: "response")
3. type (parameter name: "type")
| Parameter| Valid Values| Configured Value|
|------------- |-------------| ----- |
|`service_certificate`| `String` |Value obtained from FuzzedDataProvider|
|`responseMessage`| `String` |Value obtained from FuzzedDataProvider|
|`type`| 1. `ResponseType::kNoError` <br> 2. `ResponseType::kResponseTypeBase` <br> 3. `ResponseType::kObjectNotInitialized` <br> 4. `ResponseType::kParameterNull` <br> 5. `ResponseType::kBasePathUnavailable` <br> 6. `ResponseType::kFileOpenFailed` <br> 7. `ResponseType::kFileWriteError` <br> 8. `ResponseType::kFileReadError` <br> 9. `ResponseType::kInvalidFileSize` <br> 10. `ResponseType::kHashComputationFailed` <br> 11. `ResponseType::kFileHashMismatch` <br> 12. `ResponseType::kFileParseError1` <br> 13. `ResponseType::kFileParseError2` <br> 14. `ResponseType::kUnknownLicenseState` <br> 15. `ResponseType::kIncorrectFileType` <br> 16. `ResponseType::kIncorrectFileVersion` <br> 17. `ResponseType::kLicenseNotPresent` |Value obtained from FuzzedDataProvider|
#### Steps to run
1. Build the fuzzer
```
$ mm -j$(nproc) certificate_provisioning_fuzzer
```
2. Run on device
```
$ adb sync data
$ adb shell /data/fuzz/arm64/certificate_provisioning_fuzzer/vendor/certificate_provisioning_fuzzer
```
# <a name="DeviceFile"></a> Fuzzer for DeviceFile
DeviceFile supports the following parameters:
1. AtscModeEnabled (parameter name: "atsc_mode_enabled")
| Parameter| Valid Values| Configured Value|
|------------- |-------------| ----- |
|`AtscModeEnabled`| `Bool` |Value obtained from FuzzedDataProvider|
#### Steps to run
1. Build the fuzzer
```
$ mm -j$(nproc) device_files_fuzzer
```
2. Run on device
```
$ adb sync data
$ adb shell /data/fuzz/arm64/device_files_fuzzer/vendor/device_files_fuzzer
```
# <a name="CdmSession"></a> Fuzzer for CdmSession
CdmSession supports the following parameters:
1. CdmKeyResponse (parameter name: "key_response")
2. CdmSessionId (parameter name: "forced_session_id")
3. KeyId (parameter name: "key_id")
| Parameter| Valid Values| Configured Value|
|------------- |-------------| ----- |
|`key_response`| `String` |Value obtained from FuzzedDataProvider|
|`forced_session_id`| `String` |Value obtained from FuzzedDataProvider|
|`key_id`| `String` |Value obtained from FuzzedDataProvider|
#### Steps to run
1. Build the fuzzer
```
$ mm -j$(nproc) cdm_session_fuzzer
```
2. Run on device
```
$ adb sync data
$ adb shell /data/fuzz/arm64/cdm_session_fuzzer/vendor/cdm_session_fuzzer
```
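
#### Running all fuzzers in one pass (added example)
The script below is an added example, not part of the libcdm tree: it wraps the build and run steps from every section above and keeps the `LD_LIBRARY_PATH=/vendor/lib64` prefix for the two fuzzers that need it. The `-max_total_time` and `-artifact_prefix` flags assume the binaries are libFuzzer targets, and `ARTIFACT_DIR` and the file name `run_fuzzers.sh` are assumptions.

```shell
#!/bin/sh
# Added example, not part of the libcdm tree. Fuzzer names and device paths
# come from this README; ARTIFACT_DIR and the libFuzzer flags are assumptions.
FUZZERS="policy_engine_fuzzer content_decryption_fuzzer
system_id_extractor_fuzzer service_certificate_fuzzer policy_timers_fuzzer
privacy_crypto_fuzzer cdm_license_fuzzer crypto_session_fuzzer
buffer_reader_fuzzer cdm_engine_fuzzer certificate_provisioning_fuzzer
device_files_fuzzer cdm_session_fuzzer"
ARTIFACT_DIR=${ARTIFACT_DIR:-/data/local/tmp}

# True for the fuzzers whose run step above sets LD_LIBRARY_PATH.
needs_vendor_lib() {
  case "$1" in
    crypto_session_fuzzer|cdm_engine_fuzzer) return 0 ;;
    *) return 1 ;;
  esac
}

# Print the on-device command line for fuzzer $1 with a $2-second budget.
device_cmd() {
  bin="/data/fuzz/arm64/$1/vendor/$1"
  prefix=""
  if needs_vendor_lib "$1"; then prefix="LD_LIBRARY_PATH=/vendor/lib64 "; fi
  printf '%s%s -max_total_time=%s -artifact_prefix=%s/%s-\n' \
    "$prefix" "$bin" "$2" "$ARTIFACT_DIR" "$1"
}

# Build every fuzzer. mm is a shell function from build/envsetup.sh, so source
# this file in a shell where envsetup.sh and lunch have already been run.
build_all() {
  for f in $FUZZERS; do
    mm -j"$(nproc)" "$f" || return 1
  done
}

# Push once, then run each fuzzer; a non-zero exit is a crash or a setup error.
run_all() {
  secs=${1:-60}
  failed=""
  adb sync data || return 1
  for f in $FUZZERS; do
    echo "== $f"
    adb shell "$(device_cmd "$f" "$secs")" || failed="$failed $f"
  done
  [ -z "$failed" ] || { echo "non-zero exit:$failed" >&2; return 1; }
}

# Executed as `sh run_fuzzers.sh run 120`: run only (build beforehand).
if [ "${1:-}" = "run" ]; then run_all "${2:-60}"; fi
```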