ce_cdm/oemcrypto/test/fuzz_tests/oemcrypto_generic_verify_fuzz.cc

// Copyright 2020 Google LLC. All Rights Reserved. This file and proprietary
// source code may only be used and distributed under the Widevine
// License Agreement.

#include <vector>

#include "FuzzedDataProvider.h"
#include "OEMCryptoCENC.h"
#include "oemcrypto_fuzz_helper.h"
#include "oemcrypto_fuzz_structs.h"

namespace {

// Avoid calling non-trivial destructor.
wvoec::OEMCryptoLicenseAPIFuzz& license_api_fuzz =
    *new wvoec::OEMCryptoLicenseAPIFuzz;

}  // namespace

extern "C" int LLVMFuzzerInitialize(int* argc, char*** argv) {
  wvoec::RedirectStdoutToFile();
  license_api_fuzz.Initialize();
  license_api_fuzz.LoadLicenseWithGenericCryptoKeys();
  return 0;
}

extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  // Split data using separator.
  const std::vector<wvoec::FuzzedData> inputs =
      wvoec::SplitFuzzedData(data, size);
  if (inputs.size() < 2) {
    return 0;
  }

  // Deserialize fuzzed data.
  wvoec::OEMCrypto_Generic_Api_Fuzz fuzzed_structure;
  if (inputs[0].size < sizeof(fuzzed_structure)) {
    return 0;
  }
  FuzzedDataProvider fuzzed_data(inputs[0].data, inputs[0].size);
  fuzzed_data.ConsumeData(&fuzzed_structure, sizeof(fuzzed_structure));
  wvoec::ConvertDataToValidEnum(OEMCrypto_CipherMode_MaxValue,
                                fuzzed_structure.cipher_mode);
  wvoec::ConvertDataToValidEnum(OEMCrypto_Algorithm_MaxValue,
                                fuzzed_structure.algorithm);
  const std::vector<uint8_t> buffer =
      fuzzed_data.ConsumeRemainingBytes<uint8_t>();
  const std::vector<uint8_t> signature(inputs[1].data,
                                       inputs[1].data + inputs[1].size);

  // Select key and verify.
  wvoec::Session& session = license_api_fuzz.session();
  OEMCrypto_SelectKey(session.session_id(), session.license().keys[3].key_id,
                      session.license().keys[3].key_id_length,
                      fuzzed_structure.cipher_mode);
  OEMCrypto_Generic_Verify(session.session_id(), buffer.data(), buffer.size(),
                           fuzzed_structure.algorithm, signature.data(),
                           signature.size());
  return 0;
}