// Copyright 2020 Google LLC. All Rights Reserved. This file and proprietary // source code may only be used and distributed under the Widevine // License Agreement. #include "OEMCryptoCENC.h" #include "log.h" #include "oemcrypto_fuzz_helper.h" #include "oemcrypto_fuzz_structs.h" #include "oemcrypto_types.h" namespace wvoec { extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { // Redirect printf and log statements from oemcrypto functions to a file to // reduce noise RedirectStdoutToFile(); OEMCrypto_Generic_Api_Fuzz fuzzed_structure; if (size < sizeof(fuzzed_structure)) { return 0; } // Copy OEMCrypto_Generic_Api_Fuzz from input data. memcpy(&fuzzed_structure, data, sizeof(fuzzed_structure)); ConvertDataToValidEnum(OEMCrypto_CipherMode_MaxValue, &fuzzed_structure.cipher_mode); ConvertDataToValidEnum(OEMCrypto_Algorithm_MaxValue, &fuzzed_structure.algorithm); size_t clear_buffer_size = size - sizeof(fuzzed_structure); if (clear_buffer_size == 0) { return 0; } // Copy clear buffer from input data. vector clear_buffer(clear_buffer_size); memcpy(clear_buffer.data(), data + sizeof(fuzzed_structure), clear_buffer_size); OEMCryptoLicenseAPIFuzz license_api_fuzz; Session* session = license_api_fuzz.session(); // Load license and call generic_sign API. license_api_fuzz.LoadLicense(); OEMCryptoResult sts = OEMCrypto_SelectKey( session->session_id(), session->license().keys[0].key_id, session->license().keys[0].key_id_length, fuzzed_structure.cipher_mode); CheckStatusAndExitFuzzerOnFailure(sts, OEMCrypto_SUCCESS); size_t signature_length = 0; OEMCrypto_Generic_Sign(session->session_id(), clear_buffer.data(), clear_buffer.size(), fuzzed_structure.algorithm, nullptr, &signature_length); vector signature(signature_length); OEMCrypto_Generic_Sign(session->session_id(), clear_buffer.data(), clear_buffer.size(), fuzzed_structure.algorithm, signature.data(), &signature_length); return 0; } } // namespace wvoec